Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 0a27844ce86d039d74221dd56cd8c0349b146b63
commit0a27844ce86d039d74221dd56cd8c0349b146b63[log] [tgz]
authorSrinivas Dasari <dasaris@qti.qualcomm.com>Fri Jul 07 01:43:40 2017 +0300
committerJohannes Berg <johannes.berg@intel.com>Fri Jul 07 11:22:21 2017 +0200
tree8ed068b10a4d3bdd751e335265173e76a123ba56
parent9361df14d1cbf966409d5d6f48bb334384fbe138 [diff]
cfg80211: Check if NAN service ID is of expected size

nla policy checks for only maximum length of the attribute data when the
attribute type is NLA_BINARY. If userspace sends less data than
specified, cfg80211 may access illegal memory. When type is NLA_UNSPEC,
nla policy check ensures that userspace sends minimum specified length
number of bytes.

Remove type assignment to NLA_BINARY from nla_policy of
NL80211_NAN_FUNC_SERVICE_ID to make these NLA_UNSPEC and to make sure
minimum NL80211_NAN_FUNC_SERVICE_ID_LEN bytes are received from
userspace with NL80211_NAN_FUNC_SERVICE_ID.

Fixes: a442b761b24 ("cfg80211: add add_nan_func / del_nan_func")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1 file changed
tree: 8ed068b10a4d3bdd751e335265173e76a123ba56
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README