linux/net/wireless
Jouni Malinen 312ca38ddd cfg80211: Fix busy loop regression in ieee80211_ie_split_ric()
This function was modified to support the information element extension
case (WLAN_EID_EXTENSION) in a manner that would result in an infinite
loop when going through a set of IEs that include WLAN_EID_RIC_DATA and
contain an IE that is in the after_ric array. The only place where this
can currently happen is in mac80211 ieee80211_send_assoc() where
ieee80211_ie_split_ric() is called with after_ric[].

This can be triggered by valid data from user space nl80211
association/connect request (i.e., requiring GENL_UNS_ADMIN_PERM). The
only known application having an option to include WLAN_EID_RIC_DATA in
these requests is wpa_supplicant and it had a bug that prevented these
specific contents from being used (and because of that, not triggering
this kernel bug in an automated test case ap_ft_ric) and now that this
bug is fixed, it has a workaround to avoid this kernel issue.
WLAN_EID_RIC_DATA is currently used only for testing purposes, so this
does not cause significant harm for production use cases.

Fixes: 2512b1b18d ("mac80211: extend ieee80211_ie_split to support EXTENSION")
Cc: stable@vger.kernel.org
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-12-05 12:51:29 +01:00
certs cfg80211: ship certificates as hex files 2017-12-19 09:28:01 +01:00
.gitignore cfg80211: implement regdb signature checking 2017-10-11 14:24:24 +02:00
ap.c nl80211: Add SOCKET_OWNER support to START_AP 2018-03-29 10:47:28 +02:00
chan.c cfg80211: enable use of non-cleared DFS channels for DFS offload 2018-03-29 10:21:35 +02:00
core.c cfg80211: unify sending NL80211_CMD_NEW_INTERFACE 2018-10-02 09:58:57 +02:00
core.h cfg80211: move cookie_counter out of wiphy 2018-10-02 09:58:36 +02:00
debugfs.c cfg80211 debugfs: Cleanup some checkpatch issues 2017-02-08 09:15:59 +01:00
debugfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ethtool.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ibss.c nl80211: Add SOCKET_OWNER support to JOIN_IBSS 2018-03-29 10:36:22 +02:00
Kconfig cfg80211: add missing dependency to CFG80211 suboptions 2018-02-27 10:54:12 +01:00
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c lib80211: don't use skcipher 2018-10-10 14:44:16 +02:00
lib80211_crypt_wep.c lib80211: don't use skcipher 2018-10-10 14:44:16 +02:00
lib80211.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
Makefile cfg80211: ship certificates as hex files 2017-12-19 09:28:01 +01:00
mesh.c nl80211: Add SOCKET_OWNER support to JOIN_MESH 2018-03-29 10:38:24 +02:00
mlme.c cfg80211: add missing constraint for user-supplied VHT mask 2018-11-09 08:55:32 +01:00
nl80211.c cfg80211/mac80211: fix FTM settings across CSA 2018-11-09 08:56:58 +01:00
nl80211.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
ocb.c
of.c cfg80211: support ieee80211-freq-limit DT property 2017-01-06 14:01:13 +01:00
radiotap.c cfg80211: add radiotap VHT info to rtap_namespace_sizes 2016-02-24 09:04:41 +01:00
rdev-ops.h cfg80211: support FTM responder configuration/statistics 2018-10-02 09:56:30 +02:00
reg.c Merge remote-tracking branch 'net-next/master' into mac80211-next 2018-10-08 09:48:36 +02:00
reg.h cfg80211: implement regdb signature checking 2017-10-11 14:24:24 +02:00
scan.c cfg80211: Address some corner cases in scan result channel updating 2018-09-10 09:13:09 +02:00
sme.c cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces 2018-11-09 09:11:47 +01:00
sysfs.c cfg80211: track time using boottime 2018-06-29 09:49:28 +02:00
sysfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace.c
trace.h cfg80211: sort tracing properly 2018-10-02 09:59:07 +02:00
util.c cfg80211: Fix busy loop regression in ieee80211_ie_split_ric() 2018-12-05 12:51:29 +01:00
wext-compat.c cfg80211: fix wext-compat memory leak 2018-10-01 09:11:36 +02:00
wext-compat.h
wext-core.c net: Don't take rtnl_lock() in wireless_nlevent_flush() 2018-03-29 13:47:53 -04:00
wext-priv.c
wext-proc.c proc: introduce proc_create_net{,_data} 2018-05-16 07:24:30 +02:00
wext-sme.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wext-spy.c