One fail path in cfg80211_wext_siwscan omits to unlock rdev->mtx. Fix that. Trigerrable by "Scan for SSID" with long enough SSID (> 32). Signed-off-by: Jiri Slaby <jslaby@xxxxxxx> --- net/wireless/scan.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 12dfa62..9c50c85 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -694,8 +694,10 @@ int cfg80211_wext_siwscan(struct net_device *dev, /* translate "Scan for SSID" request */ if (wreq) { if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { - if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) - return -EINVAL; + if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) { + err = -EINVAL; + goto out; + } memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); creq->ssids[0].ssid_len = wreq->essid_len; } -- 1.6.5.7 -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html