OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net/wireless
History
Johannes Berg 68dd02d19c dev_ioctl: copy only the smaller struct iwreq for wext 
Unfortunately, struct iwreq isn't a proper subset of struct ifreq,
but is still handled by the same code path. Robert reported that
then applications may (randomly) fault if the struct iwreq they
pass happens to land within 8 bytes of the end of a mapping (the
struct is only 32 bytes, vs. struct ifreq's 40 bytes).

To fix this, pull out the code handling wireless extension ioctls
and copy only the smaller structure in this case.

This bug goes back a long time, I tracked that it was introduced
into mainline in 2.1.15, over 20 years ago!

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=195869

Reported-by: Robert O'Callahan <robert@ocallahan.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		2017-06-14 13:52:44 +02:00
..
.gitignore
Kconfig
Makefile For 4.11, we seem to have more than in the past few releases: 2017-01-14 12:02:15 -05:00
ap.c cfg80211: Make pre-CAC results valid only for ETSI domain 2017-03-06 13:54:15 +01:00
chan.c cfg80211: Share Channel DFS state across wiphys of same DFS domain 2017-03-06 13:54:20 +01:00
core.c cfg80211: add request id to cfg80211_sched_scan_*() api 2017-04-28 14:51:43 +02:00
core.h cfg80211: add request id to cfg80211_sched_scan_*() api 2017-04-28 14:51:43 +02:00
db.txt
debugfs.c cfg80211 debugfs: Cleanup some checkpatch issues 2017-02-08 09:15:59 +01:00
debugfs.h
ethtool.c
genregdb.awk
ibss.c cfg80211: Make pre-CAC results valid only for ETSI domain 2017-03-06 13:54:15 +01:00
lib80211.c
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
mesh.c cfg80211: Make pre-CAC results valid only for ETSI domain 2017-03-06 13:54:15 +01:00
mlme.c cfg80211: Use a structure to pass connect response params 2017-03-31 08:31:26 +02:00
nl80211.c nl80211: correctly validate MU-MIMO groups 2017-05-08 11:24:34 +02:00
nl80211.h cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss() 2017-04-28 12:28:44 +02:00
ocb.c
of.c cfg80211: support ieee80211-freq-limit DT property 2017-01-06 14:01:13 +01:00
radiotap.c
rdev-ops.h cfg80211: add request id parameter to .sched_scan_stop() signature 2017-04-26 23:17:40 +02:00
reg.c cfg80211: Fix dfs state propagation for non-DFS center channel 2017-04-25 21:42:52 +02:00
reg.h cfg80211: Share Channel DFS state across wiphys of same DFS domain 2017-03-06 13:54:20 +01:00
regdb.h
scan.c cfg80211: make cfg80211_sched_scan_results() work from atomic context 2017-05-23 14:36:46 +02:00
sme.c cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss() 2017-04-28 12:28:44 +02:00
sysfs.c cfg80211: check rdev resume callback only for registered wiphy 2017-03-29 09:11:29 +02:00
sysfs.h
trace.c
trace.h cfg80211: add request id to cfg80211_sched_scan_*() api 2017-04-28 14:51:43 +02:00
util.c mac80211: strictly check mesh address extension mode 2017-05-17 14:24:29 +02:00
wext-compat.c cfg80211: move add/change interface monitor flags into params 2017-04-13 13:41:38 +02:00
wext-compat.h
wext-core.c dev_ioctl: copy only the smaller struct iwreq for wext 2017-06-14 13:52:44 +02:00
wext-priv.c
wext-proc.c
wext-sme.c cfg80211: wext does not need to set monitor channel in managed mode 2017-01-11 14:10:44 +01:00
wext-spy.c