android_kernel_oneplus_msm8998/net/wireless
Johannes Berg fd27e0779c nl80211: validate beacon head
commit f88eb7c0d002a67ef31aeb7850b42ff69abc46dc upstream.

We currently don't validate the beacon head, i.e. the header,
fixed part and elements that are to go in front of the TIM
element. This means that the variable elements there can be
malformed, e.g. have a length exceeding the buffer size, but
most downstream code from this assumes that this has already
been checked.

Add the necessary checks to the netlink policy.

Cc: stable@vger.kernel.org
Fixes: ed1b6cc7f8 ("cfg80211/nl80211: add beacon settings")
Link: https://lore.kernel.org/r/1569009255-I7ac7fbe9436e9d8733439eab8acbbd35e55c74ef@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-10-17 13:40:57 -07:00
.gitignore
ap.c
chan.c cfg80211: use RTNL locked reg_can_beacon for IR-relaxation 2015-07-17 15:02:02 +02:00
core.c cfg80211: fix memory leak of wiphy device name 2019-07-10 09:56:34 +02:00
core.h cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts 2017-01-09 08:07:42 +01:00
db.txt
debugfs.c
debugfs.h
ethtool.c
genregdb.awk
ibss.c
Kconfig cfg80211: reg: make CRDA support optional 2015-10-16 09:15:39 +02:00
lib80211.c
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
Makefile
mesh.c
mlme.c cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts 2017-01-09 08:07:42 +01:00
nl80211.c nl80211: validate beacon head 2019-10-17 13:40:57 -07:00
nl80211.h
ocb.c
radiotap.c
rdev-ops.h cfg80211: allow mgmt_frame_register callback to sleep 2015-07-17 15:38:26 +02:00
reg.c cfg80211: initialize on-stack chandefs 2019-10-17 13:40:54 -07:00
reg.h
regdb.h
scan.c cfg80211: limit scan results cache size 2016-12-02 09:09:01 +01:00
sme.c cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts 2017-01-09 08:07:42 +01:00
sysfs.c
sysfs.h
trace.c
trace.h nl80211: allow BSS data to include CLOCK_BOOTTIME timestamp 2015-10-13 10:32:17 +02:00
util.c cfg80211: Purge frame registrations on iftype change 2019-10-05 12:27:54 +02:00
wext-compat.c cfg80211: initialize on-stack chandefs 2019-10-17 13:40:54 -07:00
wext-compat.h
wext-core.c Revert "wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel" 2016-09-24 10:07:41 +02:00
wext-priv.c
wext-proc.c
wext-sme.c
wext-spy.c