linux/net/wireless
Kees Cook ed74398642 wifi: nl80211: Avoid address calculations via out of bounds array indexing
[ Upstream commit 838c7b8f1f ]

Before request->channels[] can be used, request->n_channels must be set.
Additionally, address calculations for memory after the "channels" array
need to be calculated from the allocation base ("request") rather than
via the first "out of bounds" index of "channels", otherwise run-time
bounds checking will throw a warning.

Reported-by: Nathan Chancellor <nathan@kernel.org>
Fixes: e3eac9f32e ("wifi: cfg80211: Annotate struct cfg80211_scan_request with __counted_by")
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Link: https://msgid.link/20240424220057.work.819-kees@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-12 11:11:48 +02:00
..
certs wifi: cfg80211: fix certs build to not depend on file order 2024-01-01 12:42:39 +00:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
ap.c wifi: nl80211: add MLO_LINK_ID to CMD_STOP_AP event 2023-02-14 12:09:17 +01:00
chan.c wifi: cfg80211: move puncturing bitmap validation from mac80211 2023-02-14 12:09:18 +01:00
core.c wifi: cfg80211: fix wiphy delayed work queueing 2024-02-23 09:25:12 +01:00
core.h wifi: cfg80211: fix CQM for non-range use 2024-01-05 15:19:44 +01:00
debugfs.c wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() 2022-08-25 10:04:46 +02:00
debugfs.h
ethtool.c wifi: cfg80211: use strscpy to replace strlcpy 2022-07-15 11:43:12 +02:00
ibss.c wifi: cfg80211: remove support for static WEP 2023-01-18 17:31:44 +01:00
Kconfig cfg80211: select CONFIG_CRC32 2021-01-05 15:50:36 -08:00
lib80211_crypt_ccmp.c wifi: use struct_group to copy addresses 2022-09-03 16:40:06 +02:00
lib80211_crypt_tkip.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211_crypt_wep.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211.c lib80211: Remove unused macro DRV_NAME 2020-09-18 11:53:00 +02:00
Makefile cfg80211: fix CONFIG_CFG80211_EXTRA_REGDB_KEYDIR typo 2022-03-01 14:10:14 +01:00
mesh.c wifi: cfg80211: do some rework towards MLO link APIs 2022-06-20 12:54:58 +02:00
mlme.c wifi: cfg80211: fix assoc response warning on failed links 2023-10-23 13:25:30 +02:00
nl80211.c wifi: nl80211: Avoid address calculations via out of bounds array indexing 2024-06-12 11:11:48 +02:00
nl80211.h wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() 2023-08-22 21:40:40 +02:00
ocb.c wifi: cfg80211: ocb: don't leave if not joined 2023-08-22 21:40:39 +02:00
of.c
pmsr.c wifi: cfg80211: Annotate struct cfg80211_pmsr_request with __counted_by 2023-08-22 13:18:16 +02:00
radiotap.c mac80211: Use flex-array for radiotap header bitmap 2021-08-13 09:58:25 +02:00
rdev-ops.h wifi: cfg80211: add inform_bss op to update BSS 2023-06-19 12:05:28 +02:00
reg.c wifi: nl80211/reg: add no-EHT regulatory flag 2023-06-21 14:01:29 +02:00
reg.h cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
scan.c wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update 2024-02-05 20:14:34 +00:00
sme.c wifi: cfg80211/nl80211: Add support to indicate STA MLD setup links removal 2023-06-19 12:08:40 +02:00
sysfs.c wifi: cfg80211: add flush functions for wiphy work 2023-11-20 11:58:54 +01:00
sysfs.h
trace.c
trace.h wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class 2024-06-12 11:11:22 +02:00
util.c wifi: cfg80211: check A-MSDU format more carefully 2024-04-13 13:07:32 +02:00
wext-compat.c wifi: cfg80211: remove support for static WEP 2023-01-18 17:31:44 +01:00
wext-compat.h wifi: cfg80211: Avoid clashing function prototypes 2022-11-16 11:31:47 +02:00
wext-core.c wifi: cfg80211: add a flag to disable wireless extensions 2024-04-03 15:28:54 +02:00
wext-priv.c
wext-proc.c
wext-sme.c wifi: cfg80211: wext: hold wiphy lock in siwgenie 2023-06-07 19:53:11 +02:00
wext-spy.c wireless: wext-spy: Fix out-of-bounds warning 2021-06-23 10:57:17 +02:00