OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1140afa862
linux/net
History
Stanislaw Gruszka 1140afa862 mac80211: fix rx->key NULL pointer dereference in promiscuous mode 
Since:

commit 816c04fe7e
Author: Christian Lamparter <chunkeey@googlemail.com>
Date:   Sat Apr 30 15:24:30 2011 +0200

    mac80211: consolidate MIC failure report handling

is possible to that we dereference rx->key == NULL when driver set
RX_FLAG_MMIC_STRIPPED and not RX_FLAG_IV_STRIPPED and we are in
promiscuous mode. This happen with rt73usb and rt61pci at least.

Before the commit we always check rx->key against NULL, so I assume
fix should be done in mac80211 (also mic_fail path has similar check).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=769766
http://rt2x00.serialmonkey.com/pipermail/users_rt2x00.serialmonkey.com/2012-January/004395.html

Cc: stable@vger.kernel.org # 3.0+
Reported-by: Stuart D Gathman <stuart@gathman.org>
Reported-by: Kai Wohlfahrt <kai.scorpio@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-01-11 15:14:50 -05:00
..
9p
802
8021q vlan: static functions 2011-12-14 02:39:30 -05:00
appletalk
atm
ax25 ax25: avoid overflows in ax25_setsockopt() 2011-12-28 14:08:08 -05:00
batman-adv batman-adv: Fix merge error. 2011-12-16 15:07:28 -05:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next 2012-01-10 15:44:17 -05:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-23 17:13:56 -05:00
caif net: fix assignment of 0/1 to bool variables. 2011-12-19 22:27:29 -05:00
can
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2011-12-13 14:59:42 -08:00
core net: Fix build with INET disabled. 2012-01-09 13:44:23 -08:00
dcb
dccp module_param: make bool parameters really bool (net & drivers/net) 2011-12-19 22:27:29 -05:00
decnet ipv6: Use universal hash for NDISC. 2011-12-28 15:06:58 -05:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa
econet
ethernet
ieee802154
ipv4 igmp: Avoid zero delay when receiving odd mixture of IGMP queries 2012-01-09 14:06:46 -08:00
ipv6 ipv6/addrconf: speedup /proc/net/if_inet6 filling 2012-01-04 16:00:57 -05:00
ipx
irda irda: use msecs_to_jiffies() rather than manual calculation 2011-12-21 15:46:22 -05:00
iucv af_iucv: get rid of state IUCV_SEVERED 2011-12-20 14:05:03 -05:00
key net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
l2tp
lapb
llc llc: llc_cmsg_rcv was getting called after sk_eat_skb. 2011-12-19 15:58:52 -05:00
mac80211 mac80211: fix rx->key NULL pointer dereference in promiscuous mode 2012-01-11 15:14:50 -05:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-01-02 18:56:49 -05:00
netlabel net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
netlink genetlink: add auto module loading 2011-12-28 13:48:55 -05:00
netrom netrom: avoid overflows in nr_setsockopt() 2011-12-28 14:08:08 -05:00
nfc NFC: Export a new attribute nfcid1 in target info 2012-01-04 14:30:43 -05:00
openvswitch
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-30 13:04:14 -05:00
phonet
rds
rfkill Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-01-05 10:13:24 -05:00
rose
rxrpc net: fix assignment of 0/1 to bool variables. 2011-12-19 22:27:29 -05:00
sched net_sched: red: split red_parms into parms and vars 2012-01-05 14:01:21 -05:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-23 17:13:56 -05:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-23 17:13:56 -05:00
tipc tipc: rename struct bearer_name to struct tipc_bearer_names 2011-12-29 21:53:30 -05:00
unix net: Default UDP and UNIX diag to 'n'. 2012-01-07 12:13:06 -08:00
wanrouter
wimax
wireless nl80211: fix old station flags compatibility 2012-01-11 15:14:50 -05:00
x25 net:x25: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-23 17:13:56 -05:00
compat.c
Kconfig
Makefile
nonet.c
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-01-06 17:22:09 -08:00
sysctl_net.c