linux-stable/net/wireless
Srinivas Dasari d7f13f7450 cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES

validate_scan_freqs() retrieves frequencies from attributes
nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with
nla_get_u32(), which reads 4 bytes from each attribute
without validating the size of data received. Attributes
nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy.

Validate size of each attribute before parsing to avoid potential buffer
overread.

Fixes: 2a51931192 ("cfg80211/nl80211: scanning (and mac80211 update to use it)")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-07-07 11:24:31 +02:00
.gitignore
ap.c cfg80211: Make pre-CAC results valid only for ETSI domain 2017-03-06 13:54:15 +01:00
chan.c cfg80211: Share Channel DFS state across wiphys of same DFS domain 2017-03-06 13:54:20 +01:00
core.c cfg80211: add request id to cfg80211_sched_scan_*() api 2017-04-28 14:51:43 +02:00
core.h cfg80211: add request id to cfg80211_sched_scan_*() api 2017-04-28 14:51:43 +02:00
db.txt
debugfs.c cfg80211 debugfs: Cleanup some checkpatch issues 2017-02-08 09:15:59 +01:00
debugfs.h
ethtool.c
genregdb.awk
ibss.c cfg80211: Make pre-CAC results valid only for ETSI domain 2017-03-06 13:54:15 +01:00
Kconfig cfg80211: Fix some linguistics in Kconfig 2016-02-24 09:04:23 +01:00
lib80211.c
lib80211_crypt_ccmp.c lib80211: ratelimit key index mismatch 2015-12-04 14:43:32 +01:00
lib80211_crypt_tkip.c wireless: fix bogus maybe-uninitialized warning 2016-11-17 08:46:38 +02:00
lib80211_crypt_wep.c lib80211: Use skcipher and ahash 2016-01-27 20:36:03 +08:00
Makefile For 4.11, we seem to have more than in the past few releases: 2017-01-14 12:02:15 -05:00
mesh.c cfg80211: Make pre-CAC results valid only for ETSI domain 2017-03-06 13:54:15 +01:00
mlme.c cfg80211: Use a structure to pass connect response params 2017-03-31 08:31:26 +02:00
nl80211.c cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES 2017-07-07 11:24:31 +02:00
nl80211.h cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss() 2017-04-28 12:28:44 +02:00
ocb.c cfg80211: ocb: Fix null pointer deref if join_ocb is unimplemented 2015-12-04 14:43:32 +01:00
of.c cfg80211: support ieee80211-freq-limit DT property 2017-01-06 14:01:13 +01:00
radiotap.c cfg80211: add radiotap VHT info to rtap_namespace_sizes 2016-02-24 09:04:41 +01:00
rdev-ops.h cfg80211: add request id parameter to .sched_scan_stop() signature 2017-04-26 23:17:40 +02:00
reg.c cfg80211: Fix dfs state propagation for non-DFS center channel 2017-04-25 21:42:52 +02:00
reg.h cfg80211: Share Channel DFS state across wiphys of same DFS domain 2017-03-06 13:54:20 +01:00
regdb.h
scan.c cfg80211: make cfg80211_sched_scan_results() work from atomic context 2017-05-23 14:36:46 +02:00
sme.c cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss() 2017-04-28 12:28:44 +02:00
sysfs.c cfg80211: check rdev resume callback only for registered wiphy 2017-03-29 09:11:29 +02:00
sysfs.h
trace.c
trace.h cfg80211: add request id to cfg80211_sched_scan_*() api 2017-04-28 14:51:43 +02:00
util.c mac80211: strictly check mesh address extension mode 2017-05-17 14:24:29 +02:00
wext-compat.c cfg80211: move add/change interface monitor flags into params 2017-04-13 13:41:38 +02:00
wext-compat.h
wext-core.c dev_ioctl: copy only the smaller struct iwreq for wext 2017-06-14 13:52:44 +02:00
wext-priv.c
wext-proc.c
wext-sme.c cfg80211: wext does not need to set monitor channel in managed mode 2017-01-11 14:10:44 +01:00
wext-spy.c