| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Mar 2019 11:30:41 -0700
From: Brian Norris <briannorris@...omium.org>
To: Kangjie Lu <kjlu@....edu>
Cc: pakki001@....edu, Amitkumar Karwar <amitkarwar@...il.com>,
Nishant Sarmukadam <nishants@...vell.com>,
Ganapathi Bhat <gbhat@...vell.com>,
Xinming Hu <huxinming820@...il.com>,
Kalle Valo <kvalo@...eaurora.org>,
"David S. Miller" <davem@...emloft.net>,
linux-wireless <linux-wireless@...r.kernel.org>,
"<netdev@...r.kernel.org>" <netdev@...r.kernel.org>,
Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] net: mwifiex: fix a missing check of ssid
On Sat, Mar 23, 2019 at 3:34 PM Kangjie Lu <kjlu@....edu> wrote:
> sme->ssid may be invalid and thus should be checked.
Under what conditions are you seeing this? I see that brcmfmac, for
one, also has a similar check, but IIUC, the connect API always
pre-checks that there's an SSID provided:
static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
{
struct cfg80211_registered_device *rdev = info->user_ptr[0];
struct net_device *dev = info->user_ptr[1];
struct cfg80211_connect_params connect;
struct wiphy *wiphy;
struct cfg80211_cached_keys *connkeys = NULL;
int err;
memset(&connect, 0, sizeof(connect));
if (!info->attrs[NL80211_ATTR_SSID] ||
!nla_len(info->attrs[NL80211_ATTR_SSID]))
return -EINVAL;
...
connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
So this patch shouldn't be necessary.
Perhaps I'm missing something though.
Regards,
Brian
Powered by blists - more mailing lists