linux/net/mac80211
Johannes Berg ff05d4b45d wifi: mac80211: fix MBSSID parsing use-after-free
When we parse a multi-BSSID element, we might point some
element pointers into the allocated nontransmitted_profile.
However, we free this before returning, causing UAF when the
relevant pointers in the parsed elements are accessed.

Fix this by not allocating the scratch buffer separately but
as part of the returned structure instead, that way, there
are no lifetime issues with it.

The scratch buffer introduction as part of the returned data
here is taken from MLO feature work done by Ilan.

This fixes CVE-2022-42719.

Fixes: 5023b14cf4 ("mac80211: support profile split between elements")
Co-developed-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-10-10 09:50:23 +02:00
aead_api.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aead_api.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_ccm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_cmac.c mac80211: aes_cmac: check crypto_shash_setkey() return value 2021-04-19 12:01:40 +02:00
aes_cmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gcm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gmac.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aes_gmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
agg-rx.c wifi: mac80211: fix multi-BSSID element parsing 2022-07-15 11:43:17 +02:00
agg-tx.c wifi: mac80211: expand ieee80211_mgmt_tx() for MLO 2022-07-22 14:28:35 +02:00
airtime.c wifi: mac80211: move some future per-link data to bss_conf 2022-06-20 12:55:01 +02:00
cfg.c wifi: mac80211: prevent 4-addr use on MLDs 2022-09-03 16:57:34 +02:00
chan.c wifi: mac80211: isolate driver from inactive links 2022-09-06 10:12:44 +02:00
debug.h wifi: mac80211: debug: omit link if non-MLO connection 2022-07-15 11:43:14 +02:00
debugfs_key.c wifi: mac80211: reorg some iface data structs for MLD 2022-06-20 12:55:06 +02:00
debugfs_key.h mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
debugfs_netdev.c wifi: mac80211: implement link switching 2022-09-06 10:17:20 +02:00
debugfs_netdev.h
debugfs_sta.c wifi: mac80211: make sta airtime deficit field s32 instead of s64 2022-07-01 10:51:48 +02:00
debugfs_sta.h
debugfs.c wifi: mac80211: optionally implement MLO multicast TX 2022-07-22 14:28:36 +02:00
debugfs.h
driver-ops.c wifi: mac80211: isolate driver from inactive links 2022-09-06 10:12:44 +02:00
driver-ops.h wifi: mac80211: isolate driver from inactive links 2022-09-06 10:12:44 +02:00
eht.c wifi: cfg80211/mac80211: check EHT capability size correctly 2022-08-25 10:41:24 +02:00
ethtool.c wifi: mac80211: read ethtool's sta_stats from sinfo 2022-08-26 09:56:54 +02:00
fils_aead.c mac80211: fils: use cfg80211_find_ext_elem() 2021-10-21 17:01:16 +02:00
fils_aead.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
he.c wifi: mac80211: keep A-MSDU data in sta and per-link 2022-09-06 10:17:08 +02:00
ht.c wifi: mac80211: keep A-MSDU data in sta and per-link 2022-09-06 10:17:08 +02:00
ibss.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-01 12:58:02 -07:00
ieee80211_i.h wifi: mac80211: fix MBSSID parsing use-after-free 2022-10-10 09:50:23 +02:00
iface.c wifi: mac80211: implement link switching 2022-09-06 10:17:20 +02:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-01-28 09:29:34 +02:00
key.c wifi: mac80211: implement link switching 2022-09-06 10:17:20 +02:00
key.h wifi: mac80211: implement link switching 2022-09-06 10:17:20 +02:00
led.c mac80211: don't open-code LED manipulations 2021-06-23 11:29:12 +02:00
led.h mac80211: fix throughput LED trigger 2021-11-15 10:56:57 +01:00
link.c wifi: mac80211: implement link switching 2022-09-06 10:17:20 +02:00
main.c wifi: mac80211: Support POWERED_ADDR_CHANGE feature 2022-09-03 17:01:04 +02:00
Makefile wifi: mac80211: move link code to a new file 2022-09-03 17:02:25 +02:00
mesh_hwmp.c wifi: mac80211: fix multi-BSSID element parsing 2022-07-15 11:43:17 +02:00
mesh_pathtbl.c mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2022-01-04 15:11:49 +01:00
mesh_plink.c wifi: mac80211: fix up link station creation/insertion 2022-07-15 11:43:23 +02:00
mesh_ps.c mac80211: mesh: fix potentially unaligned access 2021-09-23 13:25:09 +02:00
mesh_sync.c mac80211: mesh: clean up rx_bcn_presp API 2021-09-23 16:26:33 +02:00
mesh.c wifi: mac80211: correct SMPS mode in HE 6 GHz capability 2022-08-26 09:56:36 +02:00
mesh.h mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2022-01-04 15:11:49 +01:00
michael.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
michael.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mlme.c wireless-next patches for v6.1 2022-09-30 10:07:31 -07:00
ocb.c wifi: mac80211: fix up link station creation/insertion 2022-07-15 11:43:23 +02:00
offchannel.c wifi: mac80211: expand ieee80211_mgmt_tx() for MLO 2022-07-22 14:28:35 +02:00
pm.c mac80211: Prevent AP probing during suspend 2021-10-21 17:27:51 +02:00
rate.c wifi: mac80211: make ieee80211_check_rate_mask() link-aware 2022-07-15 11:43:21 +02:00
rate.h wifi: mac80211: make ieee80211_check_rate_mask() link-aware 2022-07-15 11:43:21 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel_ht: show sampling rates in debugfs 2021-02-12 08:58:11 +01:00
rc80211_minstrel_ht.c wireless-next patches for v6.1 2022-09-30 10:07:31 -07:00
rc80211_minstrel_ht.h mac80211: minstrel_ht: support ieee80211_rate_status 2022-05-16 10:07:58 +02:00
rx.c wireless-next patches for v6.1 2022-09-30 10:07:31 -07:00
s1g.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
scan.c drivers 2022-09-04 11:24:34 +01:00
spectmgmt.c wifi: mac80211: separate out connection downgrade flags 2022-07-15 11:43:14 +02:00
sta_info.c wifi: mac80211: keep A-MSDU data in sta and per-link 2022-09-06 10:17:08 +02:00
sta_info.h wifi: mac80211: keep A-MSDU data in sta and per-link 2022-09-06 10:17:08 +02:00
status.c wifi: mac80211: don't start TX with fq->lock to fix deadlock 2022-09-27 10:29:04 +02:00
tdls.c wifi: mac80211: optionally implement MLO multicast TX 2022-07-22 14:28:36 +02:00
tkip.c mac80211: Fix TKIP replay protection immediately after key setup 2020-01-15 09:52:12 +01:00
tkip.h Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
trace_msg.h mac80211: tracing: Use the new __vstring() helper 2022-07-24 19:11:17 -04:00
trace.c
trace.h wifi: mac80211: remove link_id parameter from link_info_changed() 2022-07-15 11:43:20 +02:00
tx.c wireless-next patches for v6.1 2022-09-30 10:07:31 -07:00
util.c wifi: mac80211: fix MBSSID parsing use-after-free 2022-10-10 09:50:23 +02:00
vht.c wifi: mac80211: keep A-MSDU data in sta and per-link 2022-09-06 10:17:08 +02:00
wep.c mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wep.h mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wme.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-07-14 15:27:35 -07:00
wme.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
wpa.c wifi: use struct_group to copy addresses 2022-09-03 16:40:06 +02:00
wpa.h wifi: mac80211: remove cipher scheme support 2022-06-10 15:35:53 +02:00