linux/net/wireless
Dmitry Ivanov 8f815cdde3 nl80211: check netlink protocol in socket release notification
A non-privileged user can create a netlink socket with the same port_id as
used by an existing open nl80211 netlink socket (e.g. as used by a hostapd
process) with a different protocol number.

Closing this socket will then lead to the notification going to nl80211's
socket release notification handler, and possibly cause an action such as
removing a virtual interface.

Fix this issue by checking that the netlink protocol is NETLINK_GENERIC.
Since generic netlink has no notifier chain of its own, we can't fix the
problem more generically.

Fixes: 026331c4d9 ("cfg80211/mac80211: allow registering for and sending action frames")
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
[rewrite commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-04-12 15:39:06 +02:00
..
.gitignore
ap.c
chan.c
core.c
core.h
db.txt
debugfs.c
debugfs.h
ethtool.c
genregdb.awk
ibss.c
Kconfig
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
lib80211.c
Makefile
mesh.c
mlme.c
nl80211.c nl80211: check netlink protocol in socket release notification 2016-04-12 15:39:06 +02:00
nl80211.h
ocb.c
radiotap.c
rdev-ops.h
reg.c
reg.h
regdb.h
scan.c
sme.c
sysfs.c
sysfs.h
trace.c
trace.h
util.c
wext-compat.c
wext-compat.h
wext-core.c
wext-priv.c
wext-proc.c
wext-sme.c
wext-spy.c