aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2011-08-10 19:00:33 -0600
committerDmitry Shmidt <dimitrysh@google.com>2012-02-29 10:35:49 -0800
commit254c20edd7eeda7b0acc379cc30c0ecccce39a66 (patch)
tree99973ebe444b0d0e57e7e2e0bc471fc641bc0211 /net
parentd93cdf396dfed7a7fc6d7c31b59538bf52378251 (diff)
downloadkernel_samsung_tuna-254c20edd7eeda7b0acc379cc30c0ecccce39a66.zip
kernel_samsung_tuna-254c20edd7eeda7b0acc379cc30c0ecccce39a66.tar.gz
kernel_samsung_tuna-254c20edd7eeda7b0acc379cc30c0ecccce39a66.tar.bz2
cfg80211: fix a crash in nl80211_send_station
mac80211 leaves sinfo->assoc_req_ies uninitialized, causing a random pointer memory access in nl80211_send_station. Instead of checking if the pointer is null, use sinfo->filled, like the rest of the fields. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/wireless/nl80211.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 33115be..9d714f5 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2209,7 +2209,7 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
}
nla_nest_end(msg, sinfoattr);
- if (sinfo->assoc_req_ies)
+ if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES)
NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
sinfo->assoc_req_ies);