linux-hardened/net/wireless
Jouni Malinen 1b9ca0272f cfg80211: Fix validation of AKM suites
Incorrect variable was used in validating the akm_suites array from
NL80211_ATTR_AKM_SUITES. In addition, there was no explicit
validation of the array length (we only have room for
NL80211_MAX_NR_AKM_SUITES).

This can result in a buffer write overflow for stack variables with
arbitrary data from user space. The nl80211 commands using the affected
functionality require GENL_ADMIN_PERM, so this is only exposed to admin
users.

Cc: stable@kernel.org
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-21 15:58:24 -04:00
..
.gitignore wireless: support internal statically compiled regulatory database 2009-12-21 18:56:10 -05:00
chan.c cfg80211: fix can_beacon_sec_chan, reenable HT40 2010-11-18 11:35:05 -05:00
core.c mac80211: fix suspend/resume races with unregister hw 2011-08-22 14:21:40 -04:00
core.h cfg80211: allow userspace to control supported rates in scan 2011-07-19 16:49:58 -04:00
db.txt wireless: support internal statically compiled regulatory database 2009-12-21 18:56:10 -05:00
debugfs.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
debugfs.h cfg80211/mac80211: use debugfs_remove_recursive 2009-10-30 16:49:18 -04:00
ethtool.c wireless: add support for ethtool_ops->{get,set}_ringparam 2011-03-11 14:16:58 -05:00
ethtool.h net/wireless/ethtool.h: drop unnecessary include of linux/ethtool.h 2009-10-07 16:39:49 -04:00
genregdb.awk wireless: correct sparse warning in generated regdb.c 2010-07-20 16:49:37 -04:00
ibss.c cfg80211/mac80211: allow per-station GTKs 2010-10-06 16:30:40 -04:00
Kconfig kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
lib80211.c net/wireless: Use pr_<level> and netdev_<level> 2010-11-24 16:19:33 -05:00
lib80211_crypt_ccmp.c lib80211: remove unused host_build_iv option 2010-07-26 15:09:04 -04:00
lib80211_crypt_tkip.c net/wireless: Use pr_<level> and netdev_<level> 2010-11-24 16:19:33 -05:00
lib80211_crypt_wep.c wireless: Fix warnings due to -Wunused-but-set-variable 2011-05-10 15:53:47 -04:00
Makefile cfg80211/mac80211: add mesh join/leave commands 2010-12-06 16:01:29 -05:00
mesh.c nl80211: New notification to discover mesh peer candidates. 2011-04-12 16:57:39 -04:00
mlme.c cfg80211/nl80211: support GTK rekey offload 2011-07-06 15:05:42 -04:00
nl80211.c cfg80211: Fix validation of AKM suites 2011-09-21 15:58:24 -04:00
nl80211.h cfg80211/nl80211: support GTK rekey offload 2011-07-06 15:05:42 -04:00
radiotap.c radiotap: fix vendor namespace parsing 2010-10-15 15:57:34 -04:00
reg.c wireless: Reset beacon_found while updating regulatory 2011-09-16 15:32:08 -04:00
reg.h net/wireless: add COUNTRY to to regulatory device uevent 2011-03-09 16:10:57 -05:00
regdb.h wireless: support internal statically compiled regulatory database 2009-12-21 18:56:10 -05:00
scan.c cfg80211: fix scan crash on single-band cards 2011-07-20 15:04:38 -04:00
sme.c wireless: Fix rate mask for scan request 2011-09-16 15:32:11 -04:00
sysfs.c mac80211: fix suspend/resume races with unregister hw 2011-08-22 14:21:40 -04:00
sysfs.h
util.c cfg80211: fix scan crash on single-band cards 2011-07-20 15:04:38 -04:00
wext-compat.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-03 21:27:42 -08:00
wext-compat.h cfg80211: validate channel settings across interfaces 2009-08-14 09:13:42 -04:00
wext-core.c net/wireless: Use pr_<level> and netdev_<level> 2010-11-24 16:19:33 -05:00
wext-priv.c wext: fix potential private ioctl memory content leak 2010-09-20 13:41:40 -04:00
wext-proc.c net: spread __net_init, __net_exit 2010-01-17 19:16:02 -08:00
wext-sme.c cfg80211: allow changing port control protocol 2010-08-27 13:27:07 -04:00
wext-spy.c wext: refactor 2009-10-07 16:39:43 -04:00