diff options
author | Johannes Berg | 2014-03-19 09:11:19 +0100 |
---|---|---|
committer | Johannes Berg | 2014-03-19 21:29:53 +0100 |
commit | c9c3a0604614344f7c73523176b6d0a85cba6eab (patch) | |
tree | 0794174f0ec4835ef18530c305b7dadb27b785a9 /net/mac80211 | |
parent | mac80211: fix potential use-after-free (diff) | |
download | kernel-qcow2-linux-c9c3a0604614344f7c73523176b6d0a85cba6eab.tar.gz kernel-qcow2-linux-c9c3a0604614344f7c73523176b6d0a85cba6eab.tar.xz kernel-qcow2-linux-c9c3a0604614344f7c73523176b6d0a85cba6eab.zip |
mac80211: verify deauthentication and return error on failure
When still authenticating the mac80211 code handling a deauthentication
requests from userspace doesn't verify that the request is valid in any
way, fix that. Additionally, it never returns an error, even if there's
no connection or authentication attempt, fix that as well.
While at it, move the message to not print a message in the error case
and to distinguish between the two cases.
Also simplify the code by duplicating the cfg80211 call.
Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r-- | net/mac80211/mlme.c | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 423816f18b55..5ade21eb3602 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -4393,37 +4393,41 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; bool tx = !req->local_state_change; - bool report_frame = false; - sdata_info(sdata, - "deauthenticating from %pM by local choice (Reason: %u=%s)\n", - req->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code)); + if (ifmgd->auth_data && + ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) { + sdata_info(sdata, + "aborting authentication with %pM by local choice (Reason: %u=%s)\n", + req->bssid, req->reason_code, + ieee80211_get_reason_code_string(req->reason_code)); - if (ifmgd->auth_data) { drv_mgd_prepare_tx(sdata->local, sdata); ieee80211_send_deauth_disassoc(sdata, req->bssid, IEEE80211_STYPE_DEAUTH, req->reason_code, tx, frame_buf); ieee80211_destroy_auth_data(sdata, false); + cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, + IEEE80211_DEAUTH_FRAME_LEN); - report_frame = true; - goto out; + return 0; } if (ifmgd->associated && ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { + sdata_info(sdata, + "deauthenticating from %pM by local choice (Reason: %u=%s)\n", + req->bssid, req->reason_code, + ieee80211_get_reason_code_string(req->reason_code)); + ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, req->reason_code, tx, frame_buf); - report_frame = true; - } - - out: - if (report_frame) cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); + return 0; + } - return 0; + return -ENOTCONN; } int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, |