28 lines
		
	
	
		
			1.0 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			28 lines
		
	
	
		
			1.0 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From: Arunk Khandavalli <akhandav@codeaurora.org>
 | |
| Date: Thu, 30 Aug 2018 00:40:16 +0300
 | |
| Subject: [PATCH] cfg80211: nl80211_update_ft_ies() to validate
 | |
|  NL80211_ATTR_IE
 | |
| 
 | |
| nl80211_update_ft_ies() tried to validate NL80211_ATTR_IE with
 | |
| is_valid_ie_attr() before dereferencing it, but that helper function
 | |
| returns true in case of NULL pointer (i.e., attribute not included).
 | |
| This can result to dereferencing a NULL pointer. Fix that by explicitly
 | |
| checking that NL80211_ATTR_IE is included.
 | |
| 
 | |
| Fixes: 355199e02b83 ("cfg80211: Extend support for IEEE 802.11r Fast BSS Transition")
 | |
| Signed-off-by: Arunk Khandavalli <akhandav@codeaurora.org>
 | |
| Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
 | |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 | |
| ---
 | |
| 
 | |
| --- a/net/wireless/nl80211.c
 | |
| +++ b/net/wireless/nl80211.c
 | |
| @@ -11763,6 +11763,7 @@ static int nl80211_update_ft_ies(struct
 | |
|  		return -EOPNOTSUPP;
 | |
|  
 | |
|  	if (!info->attrs[NL80211_ATTR_MDID] ||
 | |
| +	    !info->attrs[NL80211_ATTR_IE] ||
 | |
|  	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
 | |
|  		return -EINVAL;
 | |
|  
 | 
