mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-11-01 17:08:10 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/wireless
History
Jouni Malinen 312ca38ddd cfg80211: Fix busy loop regression in ieee80211_ie_split_ric() 
This function was modified to support the information element extension
case (WLAN_EID_EXTENSION) in a manner that would result in an infinite
loop when going through set of IEs that include WLAN_EID_RIC_DATA and
contain an IE that is in the after_ric array. The only place where this
can currently happen is in mac80211 ieee80211_send_assoc() where
ieee80211_ie_split_ric() is called with after_ric[].

This can be triggered by valid data from user space nl80211
association/connect request (i.e., requiring GENL_UNS_ADMIN_PERM). The
only known application having an option to include WLAN_EID_RIC_DATA in
these requests is wpa_supplicant and it had a bug that prevented this
specific contents from being used (and because of that, not triggering
this kernel bug in an automated test case ap_ft_ric) and now that this
bug is fixed, it has a workaround to avoid this kernel issue.
WLAN_EID_RIC_DATA is currently used only for testing purposes, so this
does not cause significant harm for production use cases.

Fixes: 2512b1b18d ("mac80211: extend ieee80211_ie_split to support EXTENSION")
Cc: stable@vger.kernel.org
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-12-05 12:51:29 +01:00
..
certs
.gitignore
ap.c nl80211: Add SOCKET_OWNER support to START_AP 2018-03-29 10:47:28 +02:00
chan.c cfg80211: enable use of non-cleared DFS channels for DFS offload 2018-03-29 10:21:35 +02:00
core.c cfg80211: unify sending NL80211_CMD_NEW_INTERFACE 2018-10-02 09:58:57 +02:00
core.h cfg80211: move cookie_counter out of wiphy 2018-10-02 09:58:36 +02:00
debugfs.c
debugfs.h
ethtool.c
ibss.c nl80211: Add SOCKET_OWNER support to JOIN_IBSS 2018-03-29 10:36:22 +02:00
Kconfig
lib80211.c
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c lib80211: don't use skcipher 2018-10-10 14:44:16 +02:00
lib80211_crypt_wep.c lib80211: don't use skcipher 2018-10-10 14:44:16 +02:00
Makefile
mesh.c nl80211: Add SOCKET_OWNER support to JOIN_MESH 2018-03-29 10:38:24 +02:00
mlme.c cfg80211: add missing constraint for user-supplied VHT mask 2018-11-09 08:55:32 +01:00
nl80211.c cfg80211/mac80211: fix FTM settings across CSA 2018-11-09 08:56:58 +01:00
nl80211.h
ocb.c
of.c
radiotap.c
rdev-ops.h cfg80211: support FTM responder configuration/statistics 2018-10-02 09:56:30 +02:00
reg.c Merge remote-tracking branch 'net-next/master' into mac80211-next 2018-10-08 09:48:36 +02:00
reg.h
scan.c cfg80211: Address some corner cases in scan result channel updating 2018-09-10 09:13:09 +02:00
sme.c cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces 2018-11-09 09:11:47 +01:00
sysfs.c cfg80211: track time using boottime 2018-06-29 09:49:28 +02:00
sysfs.h
trace.c
trace.h cfg80211: sort tracing properly 2018-10-02 09:59:07 +02:00
util.c cfg80211: Fix busy loop regression in ieee80211_ie_split_ric() 2018-12-05 12:51:29 +01:00
wext-compat.c cfg80211: fix wext-compat memory leak 2018-10-01 09:11:36 +02:00
wext-compat.h
wext-core.c net: Don't take rtnl_lock() in wireless_nlevent_flush() 2018-03-29 13:47:53 -04:00
wext-priv.c
wext-proc.c proc: introduce proc_create_net{,_data} 2018-05-16 07:24:30 +02:00
wext-sme.c
wext-spy.c