diff options
| author |   Johannes Berg <johannes.berg@intel.com> | 2022-10-13 11:59:16 +0200 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2022-10-13 11:59:56 +0200 |
| commit | e7ad651c31c5e1289323e6c680be6e582a593b26 (patch) | |
| tree | 7170b192203a8fafc16ccee7ce79d475d8df0272 /net/mac80211/rx.c | |
| parent | wifi: ath11k: mac: fix reading 16 bytes from a region of size 0 warning (diff) | |
| parent | wifi: cfg80211: update hidden BSSes to avoid WARN_ON (diff) | |
| download | linux-dev-e7ad651c31c5e1289323e6c680be6e582a593b26.tar.xz linux-dev-e7ad651c31c5e1289323e6c680be6e582a593b26.zip | |
Merge branch 'cve-fixes-2022-10-13'
Pull in the fixes for various scan parsing bugs found by
Sönke Huster by fuzzing.
Diffstat (limited to 'net/mac80211/rx.c')
| -rw-r--r-- | net/mac80211/rx.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 589521717c35..f99416d2e144 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -1978,10 +1978,11 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) if (mmie_keyidx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS || mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS + - NUM_DEFAULT_BEACON_KEYS) { - cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev, - skb->data, - skb->len); + NUM_DEFAULT_BEACON_KEYS) { + if (rx->sdata->dev) + cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev, + skb->data, + skb->len); return RX_DROP_MONITOR; /* unexpected BIP keyidx */ } @@ -2131,7 +2132,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) /* either the frame has been decrypted or will be dropped */ status->flag |= RX_FLAG_DECRYPTED; - if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE)) + if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE && + rx->sdata->dev)) cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev, skb->data, skb->len); |