1
linux/net/wireless
Jouni Malinen 1b9ca0272f cfg80211: Fix validation of AKM suites
Incorrect variable was used in validating the akm_suites array from
NL80211_ATTR_AKM_SUITES. In addition, there was no explicit
validation of the array length (we only have room for
NL80211_MAX_NR_AKM_SUITES).

This can result in a buffer write overflow for stack variables with
arbitrary data from user space. The nl80211 commands using the affected
functionality require GENL_ADMIN_PERM, so this is only exposed to admin
users.

Cc: stable@kernel.org
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-21 15:58:24 -04:00
..
.gitignore
chan.c cfg80211: fix can_beacon_sec_chan, reenable HT40 2010-11-18 11:35:05 -05:00
core.c mac80211: fix suspend/resume races with unregister hw 2011-08-22 14:21:40 -04:00
core.h cfg80211: allow userspace to control supported rates in scan 2011-07-19 16:49:58 -04:00
db.txt
debugfs.c
debugfs.h
ethtool.c wireless: add support for ethtool_ops->{get,set}_ringparam 2011-03-11 14:16:58 -05:00
ethtool.h
genregdb.awk
ibss.c
Kconfig kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c net/wireless: Use pr_<level> and netdev_<level> 2010-11-24 16:19:33 -05:00
lib80211_crypt_wep.c wireless: Fix warnings due to -Wunused-but-set-variable 2011-05-10 15:53:47 -04:00
lib80211.c net/wireless: Use pr_<level> and netdev_<level> 2010-11-24 16:19:33 -05:00
Makefile cfg80211/mac80211: add mesh join/leave commands 2010-12-06 16:01:29 -05:00
mesh.c nl80211: New notification to discover mesh peer candidates. 2011-04-12 16:57:39 -04:00
mlme.c cfg80211/nl80211: support GTK rekey offload 2011-07-06 15:05:42 -04:00
nl80211.c cfg80211: Fix validation of AKM suites 2011-09-21 15:58:24 -04:00
nl80211.h cfg80211/nl80211: support GTK rekey offload 2011-07-06 15:05:42 -04:00
radiotap.c
reg.c wireless: Reset beacon_found while updating regulatory 2011-09-16 15:32:08 -04:00
reg.h net/wireless: add COUNTRY to to regulatory device uevent 2011-03-09 16:10:57 -05:00
regdb.h
scan.c cfg80211: fix scan crash on single-band cards 2011-07-20 15:04:38 -04:00
sme.c wireless: Fix rate mask for scan request 2011-09-16 15:32:11 -04:00
sysfs.c mac80211: fix suspend/resume races with unregister hw 2011-08-22 14:21:40 -04:00
sysfs.h
util.c cfg80211: fix scan crash on single-band cards 2011-07-20 15:04:38 -04:00
wext-compat.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-03 21:27:42 -08:00
wext-compat.h
wext-core.c net/wireless: Use pr_<level> and netdev_<level> 2010-11-24 16:19:33 -05:00
wext-priv.c
wext-proc.c
wext-sme.c
wext-spy.c