linux/net/wireless
Jouni Malinen 1b9ca0272f cfg80211: Fix validation of AKM suites
Incorrect variable was used in validating the akm_suites array from
NL80211_ATTR_AKM_SUITES. In addition, there was no explicit
validation of the array length (we only have room for
NL80211_MAX_NR_AKM_SUITES).

This can result in a buffer write overflow for stack variables with
arbitrary data from user space. The nl80211 commands using the affected
functionality require GENL_ADMIN_PERM, so this is only exposed to admin
users.

Cc: stable@kernel.org
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-21 15:58:24 -04:00
..
.gitignore
chan.c
core.c mac80211: fix suspend/resume races with unregister hw 2011-08-22 14:21:40 -04:00
core.h cfg80211: allow userspace to control supported rates in scan 2011-07-19 16:49:58 -04:00
db.txt
debugfs.c
debugfs.h
ethtool.c
ethtool.h
genregdb.awk
ibss.c
Kconfig
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
lib80211.c
Makefile
mesh.c
mlme.c cfg80211/nl80211: support GTK rekey offload 2011-07-06 15:05:42 -04:00
nl80211.c cfg80211: Fix validation of AKM suites 2011-09-21 15:58:24 -04:00
nl80211.h cfg80211/nl80211: support GTK rekey offload 2011-07-06 15:05:42 -04:00
radiotap.c
reg.c wireless: Reset beacon_found while updating regulatory 2011-09-16 15:32:08 -04:00
reg.h
regdb.h
scan.c cfg80211: fix scan crash on single-band cards 2011-07-20 15:04:38 -04:00
sme.c wireless: Fix rate mask for scan request 2011-09-16 15:32:11 -04:00
sysfs.c mac80211: fix suspend/resume races with unregister hw 2011-08-22 14:21:40 -04:00
sysfs.h
util.c cfg80211: fix scan crash on single-band cards 2011-07-20 15:04:38 -04:00
wext-compat.c
wext-compat.h
wext-core.c
wext-priv.c
wext-proc.c
wext-sme.c
wext-spy.c