Luciano Coelho 6719429dd6 cfg80211: check vendor IE length to avoid overrun ... cfg80211_find_vendor_ie() was checking only that the vendor IE would fit in the remaining IEs buffer. If a corrupt includes a vendor IE that is too small, we could potentially overrun the IEs buffer. Fix this by checking that the vendor IE fits in the reported IE length field and skip it otherwise. Reported-by: Jouni Malinen <j@w1.fi> Signed-off-by: Luciano Coelho <coelho@ti.com> [change BUILD_BUG_ON to != 1 (from >= 2)] Signed-off-by: Johannes Berg <johannes.berg@intel.com>		2013-02-13 10:14:17 +01:00
..
.gitignore	wireless: support internal statically compiled regulatory database	2009-12-21 18:56:10 -05:00
ap.c	cfg80211: move some AP code to right file	2013-01-03 13:01:40 +01:00
chan.c	cfg80211: adjacent 80+80 MHz channel segments are invalid	2013-01-03 13:01:32 +01:00
core.c	cfg80211: pass wiphy to cfg80211_ref_bss/put_bss	2013-02-11 18:44:52 +01:00
core.h	cfg80211: track hidden SSID networks properly	2013-02-11 18:44:57 +01:00
db.txt	wireless: support internal statically compiled regulatory database	2009-12-21 18:56:10 -05:00
debugfs.c	simple_open: automatically convert to simple_open()	2012-04-05 15:25:50 -07:00
debugfs.h	cfg80211/mac80211: use debugfs_remove_recursive	2009-10-30 16:49:18 -04:00
ethtool.c	cfg80211: add wrappers for registered_device_ops	2012-10-18 10:53:37 +02:00
ethtool.h	net/wireless/ethtool.h: drop unnecessary include of linux/ethtool.h	2009-10-07 16:39:49 -04:00
genregdb.awk	cfg80211: relicense reg.c reg.h and genregdb.awk to ISC	2012-01-04 14:30:41 -05:00
ibss.c	cfg80211: pass wiphy to cfg80211_ref_bss/put_bss	2013-02-11 18:44:52 +01:00
Kconfig	lib80211: hide Kconfig symbol	2012-11-16 14:29:09 -05:00
lib80211_crypt_ccmp.c	net: Convert net_ratelimit uses to net_<level>_ratelimited	2012-05-15 13:45:03 -04:00
lib80211_crypt_tkip.c	net: Convert net_ratelimit uses to net_<level>_ratelimited	2012-05-15 13:45:03 -04:00
lib80211_crypt_wep.c	wireless: Remove unnecessary OOM logging messages	2011-09-13 15:45:02 -04:00
lib80211.c	lib80211: remove exports for functions not called by other modules	2011-08-09 15:42:36 -04:00
Makefile	cfg80211: add tracing to rdev-ops	2012-10-18 10:53:37 +02:00
mesh.c	{cfg,nl}80211: mesh power mode primitives and userspace access	2013-01-16 22:48:04 +01:00
mlme.c	cfg80211: pass wiphy to cfg80211_ref_bss/put_bss	2013-02-11 18:44:52 +01:00
nl80211.c	nl80211: add packet offset information for wowlan pattern	2013-02-13 10:09:48 +01:00
nl80211.h	cfg80211: pass a channel definition struct	2012-11-26 12:42:58 +01:00
radiotap.c	wireless: add radiotap A-MPDU status field	2012-08-20 13:53:09 +02:00
rdev-ops.h	cfg80211/nl80211: add API for MAC address ACLs	2013-01-25 18:36:44 +01:00
reg.c	cfg80211: Fix memory leak	2013-02-11 18:44:41 +01:00
reg.h	regulatory: use RCU to protect global and wiphy regdomains	2013-01-03 13:01:29 +01:00
regdb.h	cfg80211: relicense reg.c reg.h and genregdb.awk to ISC	2012-01-04 14:30:41 -05:00
scan.c	cfg80211: check vendor IE length to avoid overrun	2013-02-13 10:14:17 +01:00
sme.c	cfg80211: pass wiphy to cfg80211_ref_bss/put_bss	2013-02-11 18:44:52 +01:00
sysfs.c	cfg80211: move locking into cfg80211_bss_age	2013-02-04 18:57:43 +01:00
sysfs.h
trace.c	cfg80211: add tracing to rdev-ops	2012-10-18 10:53:37 +02:00
trace.h	cfg80211/mac80211: support reporting wakeup reason	2013-01-31 14:00:21 +01:00
util.c	cfg80211: fix radar check for P2P_DEVICE	2013-02-11 18:44:45 +01:00
wext-compat.c	wext: explicitly cast -110 to u8	2012-12-07 11:58:26 +01:00
wext-compat.h	cfg80211: remove unused wext handler exports	2011-08-08 14:26:29 -04:00
wext-core.c	wext: include wireless event id when it has a size problem	2012-09-05 16:12:44 +02:00
wext-priv.c	wext: fix potential private ioctl memory content leak	2010-09-20 13:41:40 -04:00
wext-proc.c	net: spread __net_init, __net_exit	2010-01-17 19:16:02 -08:00
wext-sme.c	cfg80211: fix BSS struct IE access races	2012-11-30 13:42:20 +01:00
wext-spy.c	wireless: Convert compare_ether_addr to ether_addr_equal	2012-05-09 20:49:19 -04:00