linux-stable/net
Luciano Coelho 208c72f4fe nl80211: fix check for valid SSID size in scan operations
In both trigger_scan and sched_scan operations, we were checking for
the SSID length before assigning the value correctly.  Since the
memory was just kzalloc'ed, the check was always failing and SSID with
over 32 characters were allowed to go through.

This was causing a buffer overflow when copying the actual SSID to the
proper place.

This bug has been there since 2.6.29-rc4.

Cc: stable@kernel.org
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:28 -04:00
..
9p [net/9p]: Introduce basic flow-control for VirtIO transport. 2011-03-22 16:32:50 -05:00
802
8021q vlan: should take into account needed_headroom 2011-03-18 15:13:12 -07:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm atm/solos-pci: Don't flap VCs when carrier state changes 2011-03-30 16:53:38 -07:00
ax25
batman-adv Merge branch 'batman-adv/next' of git://git.open-mesh.org/ecsv/linux-merge 2011-03-07 00:37:13 -08:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6 2011-05-12 14:06:10 -04:00
bridge bridge: mcast snooping, fix length check of snooped MLDv1/2 2011-03-30 02:28:20 -07:00
caif Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-08 17:19:01 -08:00
can can: make struct proto const 2011-03-27 23:34:59 -07:00
ceph libceph: add lingering request and watch/notify event framework 2011-03-22 11:33:55 -07:00
core netdev: fix mtu check when TSO is enabled 2011-03-30 02:42:17 -07:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp net: Put fl6_* macros to struct flowi6 and use them again. 2011-03-12 15:08:55 -08:00
decnet decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dns_resolver DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076] 2011-03-04 09:56:19 +11:00
dsa dsa/mv88e6060: support nonzero mii base address 2011-03-08 14:24:20 -08:00
econet econet: 4 byte infoleak to the network 2011-03-18 15:12:15 -07:00
ethernet
ieee802154
ipv4 tcp: len check is unnecessarily devastating, change to WARN_ON 2011-04-01 21:47:41 -07:00
ipv6 net: gre: provide multicast mappings for ipv4 and ipv6 2011-03-30 00:10:47 -07:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: validate peer name and attribute lengths 2011-03-27 17:59:02 -07:00
iucv
key pfkey: fix warning 2011-03-01 22:51:52 -08:00
l2tp l2tp: fix possible oops on l2tp_eth module unload 2011-03-21 18:10:25 -07:00
lapb
llc llc: avoid skb_clone() if there is only one handler 2011-02-28 12:28:50 -08:00
mac80211 mac80211: Don't sleep when growing the mesh path 2011-05-19 13:54:14 -04:00
netfilter IPVS: Use global mutex in ip_vs_app.c 2011-03-21 20:39:24 -07:00
netlabel netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms 2011-03-03 10:55:40 -08:00
netlink Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-03 21:27:42 -08:00
netrom
packet af_packet: struct socket declared/assigned but unused 2011-03-07 15:51:13 -08:00
phonet Phonet: fix aligned-mode pipe socket buffer header reserve 2011-03-15 14:55:49 -07:00
rds rds: use little-endian bitops 2011-03-23 19:46:16 -07:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose rose: Add length checks to CALL_REQUEST parsing 2011-03-27 17:59:04 -07:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-03-16 16:29:25 -07:00
sched ipv4: Remove flowi from struct rtable. 2011-03-04 21:55:31 -08:00
sctp sctp: malloc enough room for asconf-ack chunk 2011-04-01 21:45:51 -07:00
sunrpc NFS: Ensure that rpc_release_resources_task() can be called twice. 2011-03-27 17:55:36 +02:00
tipc tipc: delete extra semicolon blocking node deletion 2011-03-14 12:21:12 -04:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-03-16 16:29:25 -07:00
wanrouter
wimax
wireless nl80211: fix check for valid SSID size in scan operations 2011-05-26 15:43:28 -04:00
x25 x25: remove the BKL 2011-03-05 10:55:45 +01:00
xfrm xfrm: Restrict extended sequence numbers to esp 2011-03-28 23:34:53 -07:00
compat.c
Kconfig
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c ethtool: Compat handling for struct ethtool_rxnfc 2011-03-18 15:13:11 -07:00
sysctl_net.c
TUNABLE