openwrtv3/package/kernel/mac80211/patches/385-cfg80211-nl80211_update_ft_ies-to-validate-NL80211_A.patch

From: Arunk Khandavalli <akhandav@codeaurora.org>
Date: Thu, 30 Aug 2018 00:40:16 +0300
Subject: [PATCH] cfg80211: nl80211_update_ft_ies() to validate
 NL80211_ATTR_IE

nl80211_update_ft_ies() tried to validate NL80211_ATTR_IE with
is_valid_ie_attr() before dereferencing it, but that helper function
returns true in case of NULL pointer (i.e., attribute not included).
This can result to dereferencing a NULL pointer. Fix that by explicitly
checking that NL80211_ATTR_IE is included.

Fixes: 355199e02b83 ("cfg80211: Extend support for IEEE 802.11r Fast BSS Transition")
Signed-off-by: Arunk Khandavalli <akhandav@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---

--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -11763,6 +11763,7 @@ static int nl80211_update_ft_ies(struct
 		return -EOPNOTSUPP;
 
 	if (!info->attrs[NL80211_ATTR_MDID] ||
+	    !info->attrs[NL80211_ATTR_IE] ||
 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
 		return -EINVAL;
mac80211: backport upstream fixes Backport most significant upstream fixes (excl. hwsim fixes) Refreshed all patches. Contains important fixes for CSA (Channel Switch Announcement) and A-MSDU frames. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> 2018-09-04 13:09:48 +00:00			`From: Arunk Khandavalli <akhandav@codeaurora.org>`
			`Date: Thu, 30 Aug 2018 00:40:16 +0300`
			`Subject: [PATCH] cfg80211: nl80211_update_ft_ies() to validate`
			`NL80211_ATTR_IE`

			`nl80211_update_ft_ies() tried to validate NL80211_ATTR_IE with`
			`is_valid_ie_attr() before dereferencing it, but that helper function`
			`returns true in case of NULL pointer (i.e., attribute not included).`
			`This can result to dereferencing a NULL pointer. Fix that by explicitly`
			`checking that NL80211_ATTR_IE is included.`

			`Fixes: 355199e02b83 ("cfg80211: Extend support for IEEE 802.11r Fast BSS Transition")`
			`Signed-off-by: Arunk Khandavalli <akhandav@codeaurora.org>`
			`Signed-off-by: Jouni Malinen <jouni@codeaurora.org>`
			`Signed-off-by: Johannes Berg <johannes.berg@intel.com>`
			`---`

			`--- a/net/wireless/nl80211.c`
			`+++ b/net/wireless/nl80211.c`
			`@@ -11763,6 +11763,7 @@ static int nl80211_update_ft_ies(struct`
			`return -EOPNOTSUPP;`

			`if (!info->attrs[NL80211_ATTR_MDID] \|\|`
			`+ !info->attrs[NL80211_ATTR_IE] \|\|`
			`!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))`
			`return -EINVAL;`