iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Petr Štetiar 1f951a7f8b mac80211: fix NULL pointer dereference in ieee80211_key_alloc() 
The ieee80211_key struct can be kfree()d several times in the function, for
example if some of the key setup functions fails beforehand, but there's no
check if the struct is still valid before we call memcpy() and INIT_LIST_HEAD()
on it.  In some cases (like it was in my case), if there's missing aes-generic
module it could lead to the following kernel OOPS:

	Unable to handle kernel NULL pointer dereference at virtual address 0000018c
	....
	PC is at memcpy+0x80/0x29c
	...
	Backtrace:
	[<bf11c5e4>] (ieee80211_key_alloc+0x0/0x234 [mac80211]) from [<bf1148b4>] (ieee80211_add_key+0x70/0x12c [mac80211])
	[<bf114844>] (ieee80211_add_key+0x0/0x12c [mac80211]) from [<bf070cc0>] (__cfg80211_set_encryption+0x2a8/0x464 [cfg80211])

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-03-28 15:42:02 -04:00
..
9p
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2011-03-16 16:29:25 -07:00
802
net/802: add __rcu annotations
2010-10-25 13:09:44 -07:00
8021q
vlan: should take into account needed_headroom
2011-03-18 15:13:12 -07:00
appletalk
appletalk: remove the BKL
2011-03-05 10:55:57 +01:00
atm
ipv4: Create and use route lookup helpers.
2011-03-12 15:08:42 -08:00
ax25
net: ax25: fix information leak to userland harder
2011-01-12 00:34:49 -08:00
batman-adv
Merge branch 'batman-adv/next' of git://git.open-mesh.org/ecsv/linux-merge
2011-03-07 00:37:13 -08:00
bluetooth
Bluetooth: Fix warning with hci_cmd_timer
2011-03-24 17:04:44 -03:00
bridge
bridge: Reset IPCB when entering IP stack on NF_FORWARD
2011-03-18 15:13:12 -07:00
caif
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-02-08 17:19:01 -08:00
can
can: test size of struct sockaddr in sendmsg
2011-01-15 20:56:42 -08:00
ceph
libceph: fix msgr standby handling
2011-03-04 12:25:05 -08:00
core
ethtool: __ethtool_set_sg: check for function pointer before using it
2011-03-18 15:13:10 -07:00
dcb
net: dcbnl: Update copyright dates
2011-03-14 17:02:42 -07:00
dccp
net: Put fl6_* macros to struct flowi6 and use them again.
2011-03-12 15:08:55 -08:00
decnet
decnet: Convert to use flowidn where applicable.
2011-03-12 15:08:55 -08:00
dns_resolver
DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076]
2011-03-04 09:56:19 +11:00
dsa
dsa/mv88e6060: support nonzero mii base address
2011-03-08 14:24:20 -08:00
econet
econet: 4 byte infoleak to the network
2011-03-18 15:12:15 -07:00
ethernet
eth: fix new kernel-doc warning
2011-01-12 19:00:40 -08:00
ieee802154
net: RCU conversion of dev_getbyhwaddr() and arp_ioctl()
2010-12-08 10:07:24 -08:00
ipv4
netfilter: ipt_CLUSTERIP: fix buffer overflow
2011-03-20 15:42:52 +01:00
ipv6
netfilter: xtables: fix reentrancy
2011-03-20 15:40:06 +01:00
ipx
ipx: remove the BKL
2011-03-05 10:55:58 +01:00
irda
tty: now phase out the ioctl file pointer for good
2011-02-17 11:59:56 -08:00
iucv
[S390] irq: have detailed statistics for interrupt types
2011-01-05 12:47:25 +01:00
key
pfkey: fix warning
2011-03-01 22:51:52 -08:00
l2tp
ipv4: Create and use route lookup helpers.
2011-03-12 15:08:42 -08:00
lapb
Net: lapb: Makefile: Remove deprecated kbuild goal definitions
2010-11-22 08:16:14 -08:00
llc
llc: avoid skb_clone() if there is only one handler
2011-02-28 12:28:50 -08:00
mac80211
mac80211: fix NULL pointer dereference in ieee80211_key_alloc()
2011-03-28 15:42:02 -04:00
netfilter
netfilter: ipset: fix checking the type revision at create command
2011-03-20 15:35:01 +01:00
netlabel
netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms
2011-03-03 10:55:40 -08:00
netlink
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-03-03 21:27:42 -08:00
netrom
packet
af_packet: struct socket declared/assigned but unused
2011-03-07 15:51:13 -08:00
phonet
Phonet: fix aligned-mode pipe socket buffer header reserve
2011-03-15 14:55:49 -07:00
rds
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2011-03-16 16:29:25 -07:00
rfkill
kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT
2011-01-20 17:02:05 -08:00
rose
ROSE: AX25: finding routes simplification
2011-02-14 13:33:49 -08:00
rxrpc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2011-03-16 16:29:25 -07:00
sched
ipv4: Remove flowi from struct rtable.
2011-03-04 21:55:31 -08:00
sctp
ipv6: Convert to use flowi6 where applicable.
2011-03-12 15:08:54 -08:00
sunrpc
Merge branch 'nfs-for-2.6.39' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6
2011-03-17 17:40:00 -07:00
tipc
tipc: delete extra semicolon blocking node deletion
2011-03-14 12:21:12 -04:00
unix
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2011-03-16 16:29:25 -07:00
wanrouter
net: cleanup unused macros in net directory
2011-01-19 23:20:04 -08:00
wimax
wireless
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem
2011-03-15 14:16:48 -04:00
x25
x25: remove the BKL
2011-03-05 10:55:45 +01:00
xfrm
xfrm: Refcount destination entry on xfrm_lookup
2011-03-16 12:55:36 -07:00
compat.c
net: Limit socket I/O iovec total length to INT_MAX.
2010-10-28 11:47:52 -07:00
Kconfig
net: RPS: Enable hardware acceleration of RFS
2011-01-24 14:53:01 -08:00
Makefile
net: Enter net/ipv6/ even if CONFIG_IPV6=n
2011-03-07 12:50:52 -08:00
nonet.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
socket.c
ethtool: Compat handling for struct ethtool_rxnfc
2011-03-18 15:13:11 -07:00
sysctl_net.c
TUNABLE