a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
24d0410712
android_kernel_samsung_univ.../net/wireless
History
Srinivas Dasari 24d0410712 cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES 
commit d7f13f7450369281a5d0ea463cc69890a15923ae upstream.

validate_scan_freqs() retrieves frequencies from attributes
nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with
nla_get_u32(), which reads 4 bytes from each attribute
without validating the size of data received. Attributes
nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy.

Validate size of each attribute before parsing to avoid potential buffer
overread.

Fixes: 2a51931192 ("cfg80211/nl80211: scanning (and mac80211 update to use it)")
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-21 07:44:55 +02:00
..
.gitignore
ap.c
chan.c cfg80211: use RTNL locked reg_can_beacon for IR-relaxation 2015-07-17 15:02:02 +02:00
core.c cfg80211/wext: fix message ordering 2016-03-16 08:42:59 -07:00
core.h cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts 2017-01-09 08:07:42 +01:00
db.txt
debugfs.c
debugfs.h
ethtool.c
genregdb.awk
ibss.c Lots of updates for net-next; along with the usual flurry 2015-03-31 16:39:04 -04:00
Kconfig cfg80211: reg: make CRDA support optional 2015-10-16 09:15:39 +02:00
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
lib80211.c
Makefile
mesh.c
mlme.c cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts 2017-01-09 08:07:42 +01:00
nl80211.c cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES 2017-07-21 07:44:55 +02:00
nl80211.h
ocb.c
radiotap.c
rdev-ops.h cfg80211: allow mgmt_frame_register callback to sleep 2015-07-17 15:38:26 +02:00
reg.c nl80211: fix a few memory leaks in reg.c 2015-12-15 13:08:02 +01:00
reg.h cfg80211: Stop calling crda if it is not responsive 2015-04-01 11:22:38 +02:00
regdb.h
scan.c cfg80211: limit scan results cache size 2016-12-02 09:09:01 +01:00
sme.c cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts 2017-01-09 08:07:42 +01:00
sysfs.c cfg80211: Switch to PM ops 2015-05-20 15:00:12 +02:00
sysfs.h
trace.c
trace.h nl80211: allow BSS data to include CLOCK_BOOTTIME timestamp 2015-10-13 10:32:17 +02:00
util.c cfg80211: ignore netif running state when changing iftype 2015-05-29 13:05:40 +02:00
wext-compat.c cfg80211: wext: clear sinfo struct before calling driver 2015-06-09 13:54:58 -07:00
wext-compat.h cfg80211-wext: export symbols only when needed 2015-02-28 21:31:09 +01:00
wext-core.c Revert "wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel" 2016-09-24 10:07:41 +02:00
wext-priv.c
wext-proc.c
wext-sme.c wireless: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:38 -05:00
wext-spy.c