linux-next/net at 1140afa862842ac3e56678693050760edc4ecde9 - linux-next - MyRedstone

Kernel/linux-next

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-13 17:28:56 +00:00

History

Stanislaw Gruszka 1140afa862 mac80211: fix rx->key NULL pointer dereference in promiscuous mode

Since:

commit 816c04fe7ef01dd9649f5ccfe796474db8708be5
Author: Christian Lamparter <chunkeey@googlemail.com>
Date:   Sat Apr 30 15:24:30 2011 +0200

    mac80211: consolidate MIC failure report handling

is possible to that we dereference rx->key == NULL when driver set
RX_FLAG_MMIC_STRIPPED and not RX_FLAG_IV_STRIPPED and we are in
promiscuous mode. This happen with rt73usb and rt61pci at least.

Before the commit we always check rx->key against NULL, so I assume
fix should be done in mac80211 (also mic_fail path has similar check).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=769766
http://rt2x00.serialmonkey.com/pipermail/users_rt2x00.serialmonkey.com/2012-January/004395.html

Cc: stable@vger.kernel.org # 3.0+
Reported-by: Stuart D Gathman <stuart@gathman.org>
Reported-by: Kai Wohlfahrt <kai.scorpio@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

2012-01-11 15:14:50 -05:00

..

net/9p: Convert net/9p protocol dumps to tracepoints

2011-10-24 11:13:12 -05:00

net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

2011-10-31 19:30:30 -04:00

vlan: static functions

2011-12-14 02:39:30 -05:00

net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

2011-10-31 19:30:30 -04:00

net: Rename dst_get_neighbour{, _raw} to dst_get_neighbour_noref{, _raw}.

2011-12-05 15:20:19 -05:00

ax25: avoid overflows in ax25_setsockopt()

2011-12-28 14:08:08 -05:00

batman-adv: Fix merge error.

2011-12-16 15:07:28 -05:00

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next

2012-01-10 15:44:17 -05:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2011-12-23 17:13:56 -05:00

net: fix assignment of 0/1 to bool variables.

2011-12-19 22:27:29 -05:00

can: remove references to berlios mailinglist

2011-10-17 19:22:46 -04:00

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client

2011-12-13 14:59:42 -08:00

net: Fix build with INET disabled.

2012-01-09 13:44:23 -08:00

net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

2011-10-31 19:30:30 -04:00

module_param: make bool parameters really bool (net & drivers/net)

2011-12-19 22:27:29 -05:00

ipv6: Use universal hash for NDISC.

2011-12-28 15:06:58 -05:00

KEYS: Improve /proc/keys

2011-03-17 11:59:32 +11:00

dsa: Move switch drivers to new directory drivers/net/dsa

2011-11-29 00:21:36 -05:00

net: Remove all uses of LL_ALLOCATED_SPACE

2011-11-18 14:37:09 -05:00

net: don't clear IFF_XMIT_DST_RELEASE in ether_setup

2011-09-15 14:49:44 -04:00

net: Remove all uses of LL_ALLOCATED_SPACE

2011-11-18 14:37:09 -05:00

igmp: Avoid zero delay when receiving odd mixture of IGMP queries

2012-01-09 14:06:46 -08:00

ipv6/addrconf: speedup /proc/net/if_inet6 filling

2012-01-04 16:00:57 -05:00

net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

2011-10-31 19:30:30 -04:00

irda: use msecs_to_jiffies() rather than manual calculation

2011-12-21 15:46:22 -05:00

af_iucv: get rid of state IUCV_SEVERED

2011-12-20 14:05:03 -05:00

net: use IS_ENABLED(CONFIG_IPV6)

2011-12-11 18:25:16 -05:00

l2tp: ensure sk->dst is still valid

2011-11-26 15:57:36 -05:00

wan: make LAPB callbacks const

2011-09-16 19:20:20 -04:00

llc: llc_cmsg_rcv was getting called after sk_eat_skb.

2011-12-19 15:58:52 -05:00

mac80211: fix rx->key NULL pointer dereference in promiscuous mode

2012-01-11 15:14:50 -05:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2012-01-02 18:56:49 -05:00

net: use IS_ENABLED(CONFIG_IPV6)

2011-12-11 18:25:16 -05:00

genetlink: add auto module loading

2011-12-28 13:48:55 -05:00

netrom: avoid overflows in nr_setsockopt()

2011-12-28 14:08:08 -05:00

NFC: Export a new attribute nfcid1 in target info

2012-01-04 14:30:43 -05:00

openvswitch: small potential memory leak in ovs_vport_alloc()

2011-12-06 12:58:57 -05:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2011-12-30 13:04:14 -05:00

Phonet: set the pipe handle using setsockopt

2011-11-18 14:37:40 -05:00

rds: drop "select LLIST"

2011-11-14 00:10:50 -05:00

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem

2012-01-05 10:13:24 -05:00

net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

2011-10-31 19:30:30 -04:00

net: fix assignment of 0/1 to bool variables.

2011-12-19 22:27:29 -05:00

net_sched: red: split red_parms into parms and vars

2012-01-05 14:01:21 -05:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2011-12-23 17:13:56 -05:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2011-12-23 17:13:56 -05:00

tipc: rename struct bearer_name to struct tipc_bearer_names

2011-12-29 21:53:30 -05:00

net: Default UDP and UNIX diag to 'n'.

2012-01-07 12:13:06 -08:00

wanrouter: Remove kernel_lock annotations

2011-11-07 13:27:30 -05:00

net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

2011-10-31 19:30:30 -04:00

nl80211: fix old station flags compatibility

2012-01-11 15:14:50 -05:00

net:x25: use IS_ENABLED

2011-12-16 15:49:52 -05:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2011-12-23 17:13:56 -05:00

compat.c

net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

2011-10-31 19:30:30 -04:00

Kconfig

net: Add Open vSwitch kernel components.

2011-12-03 09:35:17 -08:00

Makefile

net: Add Open vSwitch kernel components.

2011-12-03 09:35:17 -08:00

nonet.c

llseek: automatically add .llseek fop

2010-10-15 15:53:27 +02:00

socket.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next

2012-01-06 17:22:09 -08:00

sysctl_net.c

net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

2011-10-31 19:30:30 -04:00