| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Dec 2021 18:03:11 +0800
From: Jiasheng Jiang <jiasheng@...as.ac.cn>
To: johannes@...solutions.net, davem@...emloft.net, kuba@...nel.org
Cc: linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, Jiasheng Jiang <jiasheng@...as.ac.cn>
Subject: [PATCH] mac80211: mlme: check for null after calling kmemdup
As the possible failure of the alloc, the ifmgd->assoc_req_ies might be
NULL pointer and will be used by cfg80211_rx_assoc_resp() with the wrong
length.
Therefore it might be better to set length to 0 if fails as same as
ieee80211_mgd_stop().
Fixes: 4d9ec73d2b78 ("cfg80211: Report Association Request frame IEs in association events")
Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
---
net/mac80211/mlme.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 9bed6464c5bd..258b492c699c 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1058,7 +1058,10 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
pos = skb_tail_pointer(skb);
kfree(ifmgd->assoc_req_ies);
ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
- ifmgd->assoc_req_ies_len = pos - ie_start;
+ if (!ifmgd->assoc_req_ies)
+ ifmgd->assoc_req_ies_len = 0;
+ else
+ ifmgd->assoc_req_ies_len = pos - ie_start;
drv_mgd_prepare_tx(local, sdata, 0);
--
2.25.1
Powered by blists - more mailing lists