system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-19 09:49:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/wireless
History
Anant Thazhemadam 2d9463083c nl80211: validate key indexes for cfg80211_registered_device 
syzbot discovered a bug in which an OOB access was being made because
an unsuitable key_idx value was wrongly considered to be acceptable
while deleting a key in nl80211_del_key().

Since we don't know the cipher at the time of deletion, if
cfg80211_validate_key_settings() were to be called directly in
nl80211_del_key(), even valid keys would be wrongly determined invalid,
and deletion wouldn't occur correctly.
For this reason, a new function - cfg80211_valid_key_idx(), has been
created, to determine if the key_idx value provided is valid or not.
cfg80211_valid_key_idx() is directly called in 2 places -
nl80211_del_key(), and cfg80211_validate_key_settings().

Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
Suggested-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com
Cc: stable@vger.kernel.org
[also disallow IGTK key IDs if no IGTK cipher is supported]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-12-11 13:20:04 +01:00
..
certs
.gitignore
ap.c
chan.c cfg80211: remove WDS code 2020-11-11 08:39:13 +01:00
core.c Some updates: 2020-11-13 12:03:22 -08:00
core.h nl80211: validate key indexes for cfg80211_registered_device 2020-12-11 13:20:04 +01:00
debugfs.c
debugfs.h
ethtool.c
ibss.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
Kconfig lib80211: fix unmet direct dependendices config warning when !CRYPTO 2020-09-18 11:37:24 +02:00
lib80211.c lib80211: Remove unused macro DRV_NAME 2020-09-18 11:53:00 +02:00
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211_crypt_wep.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
Makefile
mesh.c cfg80211/mac80211: add mesh_param "mesh_nolearn" to skip path discovery 2020-07-31 09:24:23 +02:00
mlme.c cfg80211: handle Association Response from S1G STA 2020-09-28 13:54:03 +02:00
nl80211.c nl80211: validate key indexes for cfg80211_registered_device 2020-12-11 13:20:04 +01:00
nl80211.h
ocb.c
of.c
pmsr.c
radiotap.c wireless: radiotap: fix some kernel-doc 2020-09-28 13:53:05 +02:00
rdev-ops.h cfg80211: remove WDS code 2020-11-11 08:39:13 +01:00
reg.c cfg80211: Save the regulatory domain when setting custom regulatory 2020-12-11 12:57:24 +01:00
reg.h
scan.c cfg80211: Update TSF and TSF BSSID for multi BSS 2020-12-11 12:57:02 +01:00
sme.c net: wireless: Convert to use the preferred fallthrough macro 2020-08-27 11:24:28 +02:00
sysfs.c
sysfs.h
trace.c
trace.h cfg80211: remove WDS code 2020-11-11 08:39:13 +01:00
util.c nl80211: validate key indexes for cfg80211_registered_device 2020-12-11 13:20:04 +01:00
wext-compat.c cfg80211: fix callback type mismatches in wext-compat 2020-12-11 12:50:27 +01:00
wext-compat.h
wext-core.c
wext-priv.c
wext-proc.c
wext-sme.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
wext-spy.c