From 69d53b8b6b8e82c594817545e033904fbf567bb1 Mon Sep 17 00:00:00 2001
From: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
Date: Tue, 5 Mar 2024 12:39:44 +0530
Subject: [PATCH] nl80211: Fix potential NULL pointer dereference in set_ap()

In the code review, it was found that param->freq is accessed without
NULL check in wpa_driver_nl80211_set_ap(), while in other sections of
the code, freq is accessed only after NULL validation. This situation
could result in a segmentation fault at least in theory.

Add a NULL check for freq before accessing it to be consistent with the
other uses.

Fixes: 0c6c948047de ("nl80211: Support setting up an AP on a specified link")
Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
---
 src/drivers/driver_nl80211.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 92aaf2c34..be077db91 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -5109,8 +5109,9 @@ static int wpa_driver_nl80211_set_ap(void *priv,
 		     nl80211_put_freq_params(msg, params->freq) < 0))
 			goto fail;
 
-		nl80211_link_set_freq(bss, params->mld_link_id,
-				      params->freq->freq);
+		if (params->freq)
+			nl80211_link_set_freq(bss, params->mld_link_id,
+					      params->freq->freq);
 	}
 
 	if (params->proberesp && params->proberesp_len) {