Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-04 18:13:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
0b7808818c
linux/net/wireless
History
Johannes Berg 0b7808818c wifi: cfg80211: fix BSS refcounting bugs 
There are multiple refcounting bugs related to multi-BSSID:
 - In bss_ref_get(), if the BSS has a hidden_beacon_bss, then
   the bss pointer is overwritten before checking for the
   transmitted BSS, which is clearly wrong. Fix this by using
   the bss_from_pub() macro.

 - In cfg80211_bss_update() we copy the transmitted_bss pointer
   from tmp into new, but then if we release new, we'll unref
   it erroneously. We already set the pointer and ref it, but
   need to NULL it since it was copied from the tmp data.

 - In cfg80211_inform_single_bss_data(), if adding to the non-
   transmitted list fails, we unlink the BSS and yet still we
   return it, but this results in returning an entry without
   a reference. We shouldn't return it anyway if it was broken
   enough to not get added there.

This fixes CVE-2022-42720.

Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: a3584f56de ("cfg80211: Properly track transmitting and non-transmitting BSS")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-10-10 09:50:51 +02:00
..
certs
.gitignore
ap.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
chan.c wifi: nl80211: relax wdev mutex check in wdev_chandef() 2022-07-01 11:42:58 +02:00
core.c wifi: cfg80211/mac80211: check EHT capability size correctly 2022-08-25 10:41:24 +02:00
core.h wifi: cfg80211: clean up links appropriately 2022-07-15 11:43:18 +02:00
debugfs.c wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() 2022-08-25 10:04:46 +02:00
debugfs.h
ethtool.c wifi: cfg80211: use strscpy to replace strlcpy 2022-07-15 11:43:12 +02:00
ibss.c wifi: cfg80211: Add link_id parameter to various key operations for MLO 2022-08-25 10:41:05 +02:00
Kconfig
lib80211_crypt_ccmp.c wifi: use struct_group to copy addresses 2022-09-03 16:40:06 +02:00
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
lib80211.c
Makefile cfg80211: fix CONFIG_CFG80211_EXTRA_REGDB_KEYDIR typo 2022-03-01 14:10:14 +01:00
mesh.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
mlme.c wifi: cfg80211/nl80211: move rx management data into a struct 2022-07-22 14:28:26 +02:00
nl80211.c drivers 2022-09-04 11:24:34 +01:00
nl80211.h wifi: cfg80211/nl80211: move rx management data into a struct 2022-07-22 14:28:26 +02:00
ocb.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
of.c
pmsr.c cfg80211: pmsr: remove useless ifdef guards 2022-02-04 16:26:16 +01:00
radiotap.c mac80211: Use flex-array for radiotap header bitmap 2021-08-13 09:58:25 +02:00
rdev-ops.h wifi: cfg80211: Add link_id parameter to various key operations for MLO 2022-08-25 10:41:05 +02:00
reg.c wifi: cfg80211: get correct AP link chandef 2022-08-25 10:40:52 +02:00
reg.h
scan.c wifi: cfg80211: fix BSS refcounting bugs 2022-10-10 09:50:51 +02:00
sme.c Various updates: 2022-08-26 11:56:55 +01:00
sysfs.c cfg80211: shut down interfaces on failed resume 2021-06-09 16:09:20 +02:00
sysfs.h
trace.c
trace.h wifi: cfg80211: Add link_id to cfg80211_ch_switch_started_notify() 2022-08-25 11:07:26 +02:00
util.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-29 14:30:51 -07:00
wext-compat.c wifi: cfg80211: Add link_id parameter to various key operations for MLO 2022-08-25 10:41:05 +02:00
wext-compat.h
wext-core.c
wext-priv.c
wext-proc.c
wext-sme.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
wext-spy.c wireless: wext-spy: Fix out-of-bounds warning 2021-06-23 10:57:17 +02:00