diff options
author | Arik Nemtsov <arik@wizery.com> | 2012-07-09 19:57:28 +0300 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2012-07-12 12:10:42 +0200 |
commit | d811b3d5566f1441b321a1219c260124b209e0bd (patch) | |
tree | 86cd54ea8eaeb899d56496bd1f4d6b04a8ff38bb /net/mac80211 | |
parent | fd0142844efa85d89017c89227a0f03de1eee327 (diff) | |
download | kernel_goldelico_gta04-d811b3d5566f1441b321a1219c260124b209e0bd.zip kernel_goldelico_gta04-d811b3d5566f1441b321a1219c260124b209e0bd.tar.gz kernel_goldelico_gta04-d811b3d5566f1441b321a1219c260124b209e0bd.tar.bz2 |
mac80211: fix invalid band deref building preq IEs
The function building probe-request IEs does not validate the band is
supported before dereferencing it. This can result in a panic when
all bands are traversed, as done during sched-scan start.
Warn when this happens and return an empty probe request. Also fix
sched-scan to not waste memory on unsupported bands.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r-- | net/mac80211/scan.c | 3 | ||||
-rw-r--r-- | net/mac80211/util.c | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 379f178..1ff04f6 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -928,6 +928,9 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, } for (i = 0; i < IEEE80211_NUM_BANDS; i++) { + if (!local->hw.wiphy->bands[i]) + continue; + local->sched_scan_ies.ie[i] = kzalloc(2 + IEEE80211_MAX_SSID_LEN + local->scan_ies_len + diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 64493a7..596db0c 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -999,6 +999,8 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, int ext_rates_len; sband = local->hw.wiphy->bands[band]; + if (WARN_ON_ONCE(!sband)) + return 0; pos = buffer; |