aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/exit.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2009-11-20 09:15:51 +0100
committerJohn W. Linville <linville@tuxdriver.com>2009-11-30 13:52:21 -0500
commit4253119acf412fd686ef4bd8749b5a4d70ea3a51 (patch)
tree44dc3e4ea5a6c2eb21a0e0c04de1c04e1662549d /kernel/exit.c
parent3e9848403ad59c53b31facb30b43ca80135ae0b9 (diff)
downloadkernel_samsung_tuna-4253119acf412fd686ef4bd8749b5a4d70ea3a51.zip
kernel_samsung_tuna-4253119acf412fd686ef4bd8749b5a4d70ea3a51.tar.gz
kernel_samsung_tuna-4253119acf412fd686ef4bd8749b5a4d70ea3a51.tar.bz2
mac80211: fix two remote exploits
Lennert Buytenhek noticed a remotely triggerable problem in mac80211, which is due to some code shuffling I did that ended up changing the order in which things were done -- this was in commit d75636ef9c1af224f1097941879d5a8db7cd04e5 Author: Johannes Berg <johannes@sipsolutions.net> Date: Tue Feb 10 21:25:53 2009 +0100 mac80211: RX aggregation: clean up stop session The problem is that the BUG_ON moved before the various checks, and as such can be triggered. As the comment indicates, the BUG_ON can be removed since the ampdu_action callback must already exist when the state is OPERATIONAL. A similar code path leads to a WARN_ON in ieee80211_stop_tx_ba_session, which can also be removed. Cc: stable@kernel.org [2.6.29+] Cc: Lennert Buytenhek <buytenh@marvell.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'kernel/exit.c')
0 files changed, 0 insertions, 0 deletions