evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Srinivas Dasari 2d3c10e215 cfg80211: Check if PMKID attribute is of expected size 
commit 9361df14d1cbf966409d5d6f48bb334384fbe138 upstream.

nla policy checks for only maximum length of the attribute data
when the attribute type is NLA_BINARY. If userspace sends less
data than specified, the wireless drivers may access illegal
memory. When type is NLA_UNSPEC, nla policy check ensures that
userspace sends minimum specified length number of bytes.

Remove type assignment to NLA_BINARY from nla_policy of
NL80211_ATTR_PMKID to make this NLA_UNSPEC and to make sure minimum
WLAN_PMKID_LEN bytes are received from userspace with
NL80211_ATTR_PMKID.

Fixes: 67fbb16be6 ("nl80211: PMKSA caching support")
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:56 +02:00
..
6lowpan 6lowpan: put mcast compression in an own function 2015-10-21 00:49:25 +02:00
9p p9_client_readdir() fix 2017-05-02 21:19:55 -07:00
802
8021q net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev 2017-07-05 14:37:14 +02:00
appletalk
atm atm: deal with setting entry before mkip was called 2015-09-17 22:13:32 -07:00
ax25 ax25: Fix segfault after sock connection timeout 2017-02-04 09:45:09 +01:00
batman-adv batman-adv: Check for alloc errors when preparing TT local data 2016-12-15 08:49:23 -08:00
bluetooth Bluetooth: Fix user channel for 32bit userspace on 64bit kernel 2017-05-20 14:27:02 +02:00
bridge net: bridge: start hello timer only if device is up 2017-06-14 13:16:19 +02:00
caif net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx 2017-07-05 14:37:14 +02:00
can can: Fix kernel panic at security_sock_rcv_skb 2017-02-18 16:39:26 +01:00
ceph libceph: force GFP_NOIO for socket allocations 2017-04-08 09:53:30 +02:00
core net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() 2017-07-21 07:44:55 +02:00
dcb net/dcb: make dcbnl.c explicitly non-modular 2015-10-09 07:52:27 -07:00
dccp ipv6/dccp: do not inherit ipv6_mc_list from parent 2017-06-07 12:05:57 +02:00
decnet decnet: always not take dst->__refcnt when inserting dst into hash table 2017-07-05 14:37:14 +02:00
dns_resolver net: dns_resolver: convert time_t to time64_t 2015-11-18 16:27:46 -05:00
dsa net: dsa: Check return value of phy_connect_direct() 2017-07-05 14:37:19 +02:00
ethernet net: introduce device min_header_len 2017-02-18 16:39:27 +01:00
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 net: fix percpu memory leaks 2015-11-02 22:47:14 -05:00
ipv4 tcp: reset sk_rx_dst in tcp_disconnect() 2017-07-21 07:44:54 +02:00
ipv6 net: ipv6: Compare lwstate in detecting duplicate nexthops 2017-07-21 07:44:55 +02:00
ipx ipx: call ipxitf_put() in ioctl error path 2017-05-25 14:30:13 +02:00
irda irda: Fix lockdep annotations in hashbin_delete(). 2017-02-26 11:07:50 +01:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-03-03 15:07:03 -08:00
key xfrm: Oops on error in pfkey_msg2xfrm_state() 2017-07-05 14:37:21 +02:00
l2tp l2tp: fix PPP pseudo-wire auto-loading 2017-05-02 21:19:52 -07:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb
llc net/llc: avoid BUG_ON() in skb_orphan() 2017-02-26 11:07:49 +01:00
mac80211 mac80211: initialize SMPS field in HT capabilities 2017-07-05 14:37:20 +02:00
mac802154 mac802154: llsec: use kzfree 2015-10-21 00:49:24 +02:00
mpls mpls: Send route delete notifications when router module is unloaded 2017-03-22 12:04:16 +01:00
netfilter netfilter: synproxy: fix conntrackd interaction 2017-07-05 14:37:15 +02:00
netlabel netlabel: add address family checks to netlbl_{sock,req}_delattr() 2016-08-20 18:09:22 +02:00
netlink netlink: Allow direct reclaim for fallback allocation 2017-05-08 07:46:02 +02:00
netrom
nfc net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
openvswitch net/openvswitch: Set the ipv6 source tunnel key address attribute correctly 2017-03-30 09:35:12 +02:00
packet net/packet: fix overflow in check for tp_reserve 2017-05-02 21:19:51 -07:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-31 11:29:00 -08:00
rds rds: tcp: use sock_create_lite() to create the accept socket 2017-07-21 07:44:55 +02:00
rfkill rfkill: fix rfkill_fop_read wait_event usage 2016-03-03 15:07:26 -08:00
rose
rxrpc rxrpc: Fix several cases where a padded len isn't checked in ticket decode 2017-06-29 12:48:52 +02:00
sched net: sched: Fix one possible panic when no destroy callback 2017-07-21 07:44:54 +02:00
sctp sctp: check af before verify address in sctp_addr_id2transport 2017-07-05 14:37:21 +02:00
sunrpc SUNRPC: fix refcounting problems with auth_gss messages. 2017-04-21 09:30:08 +02:00
switchdev switchdev: pass pointer to fib_info instead of copy 2016-06-24 10:18:16 -07:00
tipc tipc: ignore requests when the connection state is not CONNECTED 2017-06-17 06:39:38 +02:00
unix af_unix: Add sockaddr length checks before accessing sa_family in bind and connect handlers 2017-07-05 14:37:13 +02:00
vmw_vsock VSOCK: Detach QP check should filter out non matching QPs. 2017-04-27 09:09:32 +02:00
wimax net:wimax: Fix doucble word "the the" in networking.xml 2015-08-09 22:43:52 -07:00
wireless cfg80211: Check if PMKID attribute is of expected size 2017-07-21 07:44:56 +02:00
x25 net: fix a kernel infoleak in x25 module 2016-05-18 17:06:43 -07:00
xfrm xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY 2017-07-05 14:37:21 +02:00
compat.c
Kconfig net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
Makefile net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
socket.c net: socket: fix recvmmsg not returning error from sock_error 2017-02-26 11:07:50 +01:00
sysctl_net.c net: Use ns_capable_noaudit() when determining net sysctl permissions 2016-09-15 08:27:50 +02:00