On Wed, Aug 10, 2011 at 07:00:33PM -0600, Felix Fietkau wrote:
> mac80211 leaves sinfo->assoc_req_ies uninitialized, causing a random
> pointer memory access in nl80211_send_station.
> Instead of checking if the pointer is null, use sinfo->filled, like
> the rest of the fields.

Thanks! This was too easy a trap to fall into.. It looked obvious that sinfo would be cleared before calls, but clearly not (well, it was cleared in the driver that I used for testing this ;-). I'll see if an additional patch could be added to make this less likely to happen again.

--
Jouni Malinen                                            PGP id EFC895FA
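
The bug class discussed in this thread, as an added example that is not part of the original messages or of the kernel patch: a userspace C model comparing a reporting function that trusts a NULL test on the pointer with one that consults the `filled` bitmask. All `demo_`/`DEMO_` names and the sample bytes are constructed assumptions, and pre-populated struct contents stand in for uninitialized memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model. All demo_/DEMO_ names are hypothetical, not kernel definitions. */
#define DEMO_INFO_SIGNAL        (1u << 0)
#define DEMO_INFO_ASSOC_REQ_IES (1u << 1)
struct demo_sinfo {
    uint32_t filled;               /* bitmask of fields the driver made valid */
    int signal;
    const uint8_t *assoc_req_ies;  /* meaningful only with DEMO_INFO_ASSOC_REQ_IES */
    size_t assoc_req_ies_len;
};

/* Driver callback that reports signal only and never touches assoc_req_ies. */
static void demo_driver_fill(struct demo_sinfo *si)
{
    si->filled = DEMO_INFO_SIGNAL;
    si->signal = -52;
}

/* Reporting side. Returns the number of IE bytes copied to out. */
static size_t demo_send(const struct demo_sinfo *si, int use_filled, uint8_t *out, size_t cap)
{
    if (use_filled && !(si->filled & DEMO_INFO_ASSOC_REQ_IES))
        return 0;                  /* flag check: the pointer is never read */
    if (!si->assoc_req_ies || si->assoc_req_ies_len > cap)
        return 0;                  /* NULL check: any leftover non-NULL value passes */
    memcpy(out, si->assoc_req_ies, si->assoc_req_ies_len);
    return si->assoc_req_ies_len;
}

/* One query; the struct starts with constructed leftovers, zero_first models a caller that clears it. */
static size_t demo_query(int use_filled, int zero_first)
{
    static const uint8_t stale[] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed */
    struct demo_sinfo si = { 0xffffffffu, 0, stale, sizeof(stale) };
    uint8_t out[16];
    if (zero_first)
        memset(&si, 0, sizeof(si));
    demo_driver_fill(&si);
    return demo_send(&si, use_filled, out, sizeof(out));
}

int main(void)
{
    printf("%zu %zu %zu\n", demo_query(0, 0), demo_query(0, 1), demo_query(1, 0));
    return 0;
}
```

The middle case, where the caller clears the struct first, behaves correctly even with the NULL test, which is how a test setup that zeroes the struct can hide the problem.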