From 2827bf19f1b6ab94d9369a0d0d66b55cf4c7530b Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 9 Aug 2017 11:08:14 -0700
Subject: [PATCH] 4.4-stable patches
added patches:
wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
---
 queue-4.4/series | 1 +
 ...-data-in-iwe_stream_add_point-better.patch | 45 +++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 queue-4.4/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
diff --git a/queue-4.4/series b/queue-4.4/series
index 2a5b46bec2d..395442eff9e 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -40,3 +40,4 @@ net-phy-correctly-process-phy_halted-in-phy_stop_machine.patch
 xen-netback-correctly-schedule-rate-limited-queues.patch
 sparc64-measure-receiver-forward-progress-to-avoid-send-mondo-timeout.patch
 sparc64-prevent-perf-from-running-during-super-critical-sections.patch
+wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
diff --git a/queue-4.4/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch b/queue-4.4/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
new file mode 100644
index 00000000000..638587eacd4
--- /dev/null
+++ b/queue-4.4/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
@@ -0,0 +1,45 @@
+From 93be2b74279c15c2844684b1a027fdc71dd5d9bf Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann
+Date: Wed, 11 Jan 2017 15:35:25 +0100
+Subject: wext: handle NULL extra data in iwe_stream_add_point better
+
+From: Arnd Bergmann
+
+commit 93be2b74279c15c2844684b1a027fdc71dd5d9bf upstream.
+
+gcc-7 complains that wl3501_cs passes NULL into a function that
+then uses the argument as the input for memcpy:
+
+drivers/net/wireless/wl3501_cs.c: In function 'wl3501_get_scan':
+include/net/iw_handler.h:559:3: error: argument 2 null where non-null expected [-Werror=nonnull]
+ memcpy(stream + point_len, extra, iwe->u.data.length);
+
+This works fine here because iwe->u.data.length is guaranteed to be 0
+and the memcpy doesn't actually have an effect.
+
+Making the length check explicit avoids the warning and should have
+no other effect here.
+
+Also check the pointer itself, since otherwise we get warnings
+elsewhere in the code.
+
+Signed-off-by: Arnd Bergmann
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/net/iw_handler.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/include/net/iw_handler.h
++++ b/include/net/iw_handler.h
+@@ -556,7 +556,8 @@ iwe_stream_add_point(struct iw_request_i
+ memcpy(stream + lcp_len,
+ ((char *) &iwe->u) + IW_EV_POINT_OFF,
+ IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN);
+- memcpy(stream + point_len, extra, iwe->u.data.length);
++ if (iwe->u.data.length && extra)
++ memcpy(stream + point_len, extra, iwe->u.data.length);
+ stream += event_len;
+ }
+ return stream;
-- 
2.47.3
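Review bot: In the backported `iwe_stream_add_point` change, a call with `extra == NULL` and a non-zero `iwe->u.data.length` now skips the copy silently while `stream += event_len` still advances; `event_len` is computed outside the hunk, so if it includes the payload length, the skipped bytes stay in the event stream with whatever the buffer held before. The commit message only says the length is guaranteed to be 0 for the wl3501_cs caller, so the invariant deserves a comment above the new check, e.g. `/* extra may be NULL only when iwe->u.data.length is 0 */`, and it is worth confirming that callers hand in zero-initialised buffers. Since this is a stable backport, any code change such as `WARN_ON_ONCE(iwe->u.data.length && !extra)` belongs upstream first rather than in this queue. The function body starts before and ends after the nested hunk.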