bug report: ath6kl: use after free

Sat Oct 16 11:39:45 PDT 2010

Hi Vipin,

There is a use after free bug in ar6000_ioctl_set_channelParams().  I'm
not sure how to fix it.

drivers/staging/ath6kl/os/linux/ioctl.c +374
	ar6000_ioctl_set_channelParams(51) warn: 'cmdp' was already freed.
   370      if (cmd.numChannels > 1) {
   371          kfree(cmdp);
                      ^^^^
	freed here.

   372      }
   373
   374      ar->ap_wmode = cmdp->phyMode;
                           ^^^^^^
	dereferenced here.

regards,
dan carpenter