| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Jan 2022 09:33:08 +0800
From: Jiasheng Jiang <jiasheng@...as.ac.cn>
To: johannes@...solutions.net, davem@...emloft.net, kuba@...nel.org
Cc: linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, Jiasheng Jiang <jiasheng@...as.ac.cn>
Subject: [PATCH v2] mac80211: mlme: check for null after calling kmemdup
As the possible failure of the alloc, the ifmgd->assoc_req_ies might be
NULL pointer returned from kmemdup().
Therefore it might be better to free the skb and return in order to fail
the association, like ieee80211_assoc_success().
Fixes: 4d9ec73d2b78 ("cfg80211: Report Association Request frame IEs in association events")
Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
---
v2: Change to fail the association if kmemdup returns NULL.
---
net/mac80211/mlme.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 9bed6464c5bd..b5dfdf953286 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1058,6 +1058,11 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
pos = skb_tail_pointer(skb);
kfree(ifmgd->assoc_req_ies);
ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
+ if (!ifmgd->assoc_req_ies) {
+ dev_kfree_skb(skb);
+ return;
+ }
+
ifmgd->assoc_req_ies_len = pos - ie_start;
drv_mgd_prepare_tx(local, sdata, 0);
--
2.25.1
Powered by blists - more mailing lists