mac80211: fix a potential NULL access in ieee80211_crypto_hw_decrypt - openslx/kernel-qcow2-linux.git

diff options

author	Max Stepanov	2014-07-09 15:55:32 +0200
committer	Johannes Berg	2014-07-21 12:34:08 +0200
commit	aeb136c5b433377324f030b1a50b96eb7a99193b (patch)
tree	cbebda7a6a91bf5e6edc4b48ad3cbe29977288e1 /net/mac80211/key.c
parent	wireless: fixup genregdb.awk for remove of antenna gain from wireless-regd (diff)
download	kernel-qcow2-linux-aeb136c5b433377324f030b1a50b96eb7a99193b.tar.gz kernel-qcow2-linux-aeb136c5b433377324f030b1a50b96eb7a99193b.tar.xz kernel-qcow2-linux-aeb136c5b433377324f030b1a50b96eb7a99193b.zip

mac80211: fix a potential NULL access in ieee80211_crypto_hw_decrypt

The NULL pointer access could happen when ieee80211_crypto_hw_decrypt is called from ieee80211_rx_h_decrypt with the following condition: 1. rx->key->conf.cipher is not WEP, CCMP, TKIP or AES_CMAC 2. rx->sta is NULL When ieee80211_crypto_hw_decrypt is called, it verifies rx->sta->cipher_scheme and it will cause Oops if rx->sta is NULL. This path adds an addirional rx->sta == NULL verification in ieee80211_crypto_hw_decrypt for this case. Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Diffstat (limited to 'net/mac80211/key.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: