linux/net
Anant Thazhemadam 2d9463083c nl80211: validate key indexes for cfg80211_registered_device
syzbot discovered a bug in which an OOB access was being made because
an unsuitable key_idx value was wrongly considered to be acceptable
while deleting a key in nl80211_del_key().

Since we don't know the cipher at the time of deletion, if
cfg80211_validate_key_settings() were to be called directly in
nl80211_del_key(), even valid keys would be wrongly determined invalid,
and deletion wouldn't occur correctly.
For this reason, a new function - cfg80211_valid_key_idx(), has been
created, to determine if the key_idx value provided is valid or not.
cfg80211_valid_key_idx() is directly called in 2 places -
nl80211_del_key(), and cfg80211_validate_key_settings().

Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
Suggested-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com
Cc: stable@vger.kernel.org
[also disallow IGTK key IDs if no IGTK cipher is supported]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-12-11 13:20:04 +01:00
..
6lowpan
9p net: 9p: Fix kerneldoc warnings of missing parameters etc 2020-11-02 12:25:52 -08:00
802
8021q net: vlan: Fixed signedness in vlan_group_prealloc_vid() 2020-09-28 00:51:39 -07:00
appletalk net: appletalk: fix kerneldoc warnings 2020-10-30 11:48:17 -07:00
atm atm: nicstar: Replace in_interrupt() usage 2020-11-18 16:43:55 -08:00
ax25
batman-adv batman-adv: Drop unused soft-interface.h include in fragmentation.c 2020-12-04 08:41:16 +01:00
bluetooth Bluetooth: Increment management interface revision 2020-12-07 17:02:00 +02:00
bpf bpf: fix raw_tp test run in preempt kernel 2020-09-30 08:34:08 -07:00
bpfilter Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH" 2020-10-15 12:33:24 -07:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-03 15:44:09 -08:00
caif caif: Remove duplicate macro SRVL_CTRL_PKT_SIZE 2020-09-05 15:57:05 -07:00
can can: isotp: add SF_BROADCAST support for functional addressing 2020-12-10 09:31:40 +01:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-10-12 15:29:27 +02:00
core rtnetlink: RCU-annotate both dimensions of rtnl_msg_handlers 2020-12-10 13:35:59 -08:00
dcb net: dcb: Fix kerneldoc warnings 2020-10-30 11:59:54 -07:00
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-11-27 18:25:27 -08:00
decnet treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
dns_resolver
dsa net: dsa: print the MTU value that could not be set 2020-12-08 11:24:07 -08:00
ethernet net: datagram: fix some kernel-doc markups 2020-11-17 14:15:03 -08:00
ethtool Merge https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-11-12 16:54:48 -08:00
hsr genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
ieee802154 treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
ife
ipv4 tcp: correctly handle increased zerocopy args struct size 2020-12-10 13:10:32 -08:00
ipv6 net: ipv6: rpl_iptunnel: simplify the return expression of rpl_do_srh() 2020-12-08 16:22:54 -08:00
iucv net/af_iucv: use DECLARE_SOCKADDR to cast from sockaddr 2020-12-08 15:56:53 -08:00
kcm
key
l2tp genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
l3mdev net: l3mdev: Fix kerneldoc warning 2020-10-30 11:43:42 -07:00
lapb net/lapb: fix t1 timer handling for LAPB_STATE_0 2020-11-27 17:22:51 -08:00
llc net: llc: Fix kerneldoc warnings 2020-10-30 11:34:09 -07:00
mac80211 cfg80211: include block-tx flag in channel switch started event 2020-12-11 12:59:37 +01:00
mac802154 net: mac802154: convert tasklets to use new tasklet_setup() API 2020-11-07 10:40:56 -08:00
mpls mpls: drop skb's dst in mpls_forward() 2020-11-03 12:55:53 -08:00
mptcp mptcp: be careful on subflows shutdown 2020-12-09 19:31:58 -08:00
ncsi net/ncsi: Fix netlink registration 2020-11-12 17:00:13 -08:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-03 15:44:09 -08:00
netlabel Merge https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-11-19 19:08:46 -08:00
netlink netlink: export policy in extended ACK 2020-10-09 20:22:32 -07:00
netrom
nfc net: sched: fix spelling mistake in Kconfig "trys" -> "tries" 2020-12-08 16:01:56 -08:00
nsh
openvswitch net: openvswitch: conntrack: simplify the return expression of ovs_ct_limit_get_default_limit() 2020-12-08 16:22:54 -08:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-11-27 18:25:27 -08:00
phonet
psample genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
qrtr wireless-drivers-next patches for v5.11 2020-12-04 10:56:37 -08:00
rds RDMA: Add rdma_connect_locked() 2020-10-28 09:14:49 -03:00
rfkill rfkill: add a reason to the HW rfkill state 2020-12-11 12:47:17 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-11-20 10:04:58 -08:00
rxrpc net: rxrpc: convert comma to semicolon 2020-12-09 16:23:07 -08:00
sched net: sched: incorrect Kconfig dependencies on Netfilter modules 2020-12-09 15:49:29 -08:00
sctp sctp: Fix some typo 2020-11-23 17:44:11 -08:00
smc net/smc: Add support for obtaining SMCR device list 2020-12-01 17:56:13 -08:00
strparser
sunrpc net: datagram: fix some kernel-doc markups 2020-11-17 14:15:03 -08:00
switchdev net: switchdev: Fixed kerneldoc warning 2020-09-23 17:46:31 -07:00
tipc tipc: support 128bit node identity for peer removing 2020-12-04 17:40:27 -08:00
tls net/tls: make sure tls offload sets salt_size 2020-12-01 17:51:30 -08:00
unix networking changes for the 5.10 merge window 2020-10-15 18:42:13 -07:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-11-27 18:25:27 -08:00
wireless nl80211: validate key indexes for cfg80211_registered_device 2020-12-11 13:20:04 +01:00
x25 net: x25: Fix handling of Restart Request and Restart Confirmation 2020-12-09 19:34:25 -08:00
xdp Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-12-04 07:48:12 -08:00
xfrm net: xfrm: use core API for updating/providing stats 2020-11-14 17:01:08 -08:00
compat.c iov_iter: transparently handle compat iovecs in import_iovec 2020-10-03 00:02:13 -04:00
devres.c
Kconfig wimax: move out to staging 2020-10-29 19:27:45 +01:00
Makefile wimax: move out to staging 2020-10-29 19:27:45 +01:00
socket.c net: don't include ethtool.h from netdevice.h 2020-11-23 17:27:04 -08:00
sysctl_net.c