]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit
projects / mirror_ubuntu-zesty-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: de0a660) | patch
cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
authorSrinivas Dasari <dasaris@qti.qualcomm.com>
Thu, 6 Jul 2017 22:43:42 +0000 (01:43 +0300)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Fri, 11 Aug 2017 10:37:04 +0000 (12:37 +0200)
commit2b932fe452697f2bda547b2cdeec33475cec96eb
tree2d1956c73e17de4ed99e37419f8d7fa449ddb472tree
parentde0a660dc0033a8ea1748f33855c9d1daa84f4c6commit | diff
cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES

BugLink: http://bugs.launchpad.net/bugs/1705707
commit d7f13f7450369281a5d0ea463cc69890a15923ae upstream.

validate_scan_freqs() retrieves frequencies from attributes
nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with
nla_get_u32(), which reads 4 bytes from each attribute
without validating the size of data received. Attributes
nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy.

Validate size of each attribute before parsing to avoid potential buffer
overread.

Fixes: 2a519311926 ("cfg80211/nl80211: scanning (and mac80211 update to use it)")
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
net/wireless/nl80211.c diff | blob | blame | history
ubuntu-zesty-kernel mirror