linux/net/wireless
Johannes Berg bcca852027 wifi: cfg80211: avoid nontransmitted BSS list corruption
If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.

Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.

This fixes CVE-2022-42721.

Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 0b8fb8235b ("cfg80211: Parsing of Multiple BSSID information in scanning")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-10-10 09:51:01 +02:00
certs
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
ap.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
chan.c wifi: nl80211: relax wdev mutex check in wdev_chandef() 2022-07-01 11:42:58 +02:00
core.c wifi: cfg80211/mac80211: check EHT capability size correctly 2022-08-25 10:41:24 +02:00
core.h wifi: cfg80211: clean up links appropriately 2022-07-15 11:43:18 +02:00
debugfs.c wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() 2022-08-25 10:04:46 +02:00
debugfs.h
ethtool.c wifi: cfg80211: use strscpy to replace strlcpy 2022-07-15 11:43:12 +02:00
ibss.c wifi: cfg80211: Add link_id parameter to various key operations for MLO 2022-08-25 10:41:05 +02:00
Kconfig cfg80211: select CONFIG_CRC32 2021-01-05 15:50:36 -08:00
lib80211_crypt_ccmp.c wifi: use struct_group to copy addresses 2022-09-03 16:40:06 +02:00
lib80211_crypt_tkip.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211_crypt_wep.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211.c lib80211: Remove unused macro DRV_NAME 2020-09-18 11:53:00 +02:00
Makefile cfg80211: fix CONFIG_CFG80211_EXTRA_REGDB_KEYDIR typo 2022-03-01 14:10:14 +01:00
mesh.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
mlme.c wifi: cfg80211/nl80211: move rx management data into a struct 2022-07-22 14:28:26 +02:00
nl80211.c drivers 2022-09-04 11:24:34 +01:00
nl80211.h wifi: cfg80211/nl80211: move rx management data into a struct 2022-07-22 14:28:26 +02:00
ocb.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
of.c
pmsr.c cfg80211: pmsr: remove useless ifdef guards 2022-02-04 16:26:16 +01:00
radiotap.c mac80211: Use flex-array for radiotap header bitmap 2021-08-13 09:58:25 +02:00
rdev-ops.h wifi: cfg80211: Add link_id parameter to various key operations for MLO 2022-08-25 10:41:05 +02:00
reg.c wifi: cfg80211: get correct AP link chandef 2022-08-25 10:40:52 +02:00
reg.h cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
scan.c wifi: cfg80211: avoid nontransmitted BSS list corruption 2022-10-10 09:51:01 +02:00
sme.c Various updates: 2022-08-26 11:56:55 +01:00
sysfs.c cfg80211: shut down interfaces on failed resume 2021-06-09 16:09:20 +02:00
sysfs.h
trace.c
trace.h wifi: cfg80211: Add link_id to cfg80211_ch_switch_started_notify() 2022-08-25 11:07:26 +02:00
util.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-29 14:30:51 -07:00
wext-compat.c wifi: cfg80211: Add link_id parameter to various key operations for MLO 2022-08-25 10:41:05 +02:00
wext-compat.h
wext-core.c wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-01-26 11:59:42 +01:00
wext-priv.c
wext-proc.c
wext-sme.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
wext-spy.c wireless: wext-spy: Fix out-of-bounds warning 2021-06-23 10:57:17 +02:00