[PATCH 810/961] staging: brcm80211: bugfix for control.sta NULL ptr dereference

Greg Kroah-Hartman gregkh at suse.de
Wed Mar 16 21:07:33 UTC 2011


From: Roland Vossen <rvossen at broadcom.com>

Mac80211 can transmit packets where the control.sta field is NULL.
The driver dereferenced this. Bugfix was to only dereference a non-NULL
ieee80211_sta pointer.

Signed-off-by: Roland Vossen <rvossen at broadcom.com>
Reviewed-by: Arend van Spriel <arend at broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
 drivers/staging/brcm80211/brcmsmac/wlc_main.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/staging/brcm80211/brcmsmac/wlc_main.c b/drivers/staging/brcm80211/brcmsmac/wlc_main.c
index cb1e142..8bee149 100644
--- a/drivers/staging/brcm80211/brcmsmac/wlc_main.c
+++ b/drivers/staging/brcm80211/brcmsmac/wlc_main.c
@@ -6613,7 +6613,8 @@ wlc_dotxstatus(struct wlc_info *wlc, tx_status_t *txs, u32 frm_tx2)
 	tx_info = IEEE80211_SKB_CB(p);
 	h = (struct ieee80211_hdr *)((u8 *) (txh + 1) + D11_PHY_HDR_LEN);
 
-	scb = (struct scb *)tx_info->control.sta->drv_priv;
+	if (tx_info->control.sta)
+		scb = (struct scb *)tx_info->control.sta->drv_priv;
 
 	if (N_ENAB(wlc->pub)) {
 		u8 *plcp = (u8 *) (txh + 1);
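
Review bot: With the new `if (tx_info->control.sta)` guard there is no else branch, so scb keeps whatever value it had before this point when control.sta is NULL. The hunk does not show scb's declaration or its later uses. If scb is not initialised to NULL where it is declared, the NULL dereference becomes a read of an uninitialised pointer further down in wlc_dotxstatus(). I would make the fallback explicit, for example `else scb = NULL;` or `struct scb *scb = NULL;` at the declaration, and confirm that every later use of scb in this function checks it before dereferencing. A short comment saying which frames arrive from mac80211 with control.sta unset would also help the next reader.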
-- 
1.7.4.1



