* [PATCH] cfg80211: fix NULL dereference in IBSS SIOCGIWAP
@ 2009-07-09 8:59 Zhu Yi
2009-07-09 11:32 ` Johannes Berg
From: Zhu Yi @ 2009-07-09 8:59 UTC
To: linville; +Cc: linux-wireless, Zhu Yi, Johannes Berg
This patch avoids memcpy from wdev->wext.ibss.bssid if it is NULL.
This could happen if we SIOCGIWAP before SIOCSIWAP.
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
---
net/wireless/ibss.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
index 99ef936..cf3a7dc 100644
--- a/net/wireless/ibss.c
+++ b/net/wireless/ibss.c
@@ -434,8 +434,11 @@ int cfg80211_ibss_wext_giwap(struct net_device *dev,
wdev_lock(wdev);
if (wdev->current_bss)
memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);
- else
+ else if (wdev->wext.ibss.bssid)
memcpy(ap_addr->sa_data, wdev->wext.ibss.bssid, ETH_ALEN);
+ else
+ memset(ap_addr->sa_data, 0, ETH_ALEN);
+
wdev_unlock(wdev);
return 0;
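Review bot: The new final `else` branch reports an all-zero address and the function still returns 0, but nothing in the hunk says what that value means to the caller. A short comment above `memset(ap_addr->sa_data, 0, ETH_ALEN);` stating that a zero BSSID is reported when neither `wdev->current_bss` nor `wdev->wext.ibss.bssid` is set (the SIOCGIWAP-before-SIOCSIWAP case from the commit message) would document the intent and keep a later cleanup from folding the branch back into an unconditional `memcpy`.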
--
1.6.0.4
* Re: [PATCH] cfg80211: fix NULL dereference in IBSS SIOCGIWAP
2009-07-09 8:59 [PATCH] cfg80211: fix NULL dereference in IBSS SIOCGIWAP Zhu Yi
@ 2009-07-09 11:32 ` Johannes Berg
From: Johannes Berg @ 2009-07-09 11:32 UTC
To: Zhu Yi; +Cc: linville, linux-wireless
On Thu, 2009-07-09 at 16:59 +0800, Zhu Yi wrote:
> This patch avoids memcpy from wdev->wext.ibss.bssid if it is NULL.
> This could happen if we SIOCGIWAP before SIOCSIWAP.
Indeed, thanks.
> Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
> ---
> net/wireless/ibss.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
> index 99ef936..cf3a7dc 100644
> --- a/net/wireless/ibss.c
> +++ b/net/wireless/ibss.c
> @@ -434,8 +434,11 @@ int cfg80211_ibss_wext_giwap(struct net_device *dev,
> wdev_lock(wdev);
> if (wdev->current_bss)
> memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);
> - else
> + else if (wdev->wext.ibss.bssid)
> memcpy(ap_addr->sa_data, wdev->wext.ibss.bssid, ETH_ALEN);
> + else
> + memset(ap_addr->sa_data, 0, ETH_ALEN);
> +
> wdev_unlock(wdev);
>
> return 0;