1
linux/net
Christian Lamparter d12c74528e mac80211: fix possible null-pointer de-reference
This patch not only fixes a null-pointer de-reference
that would be triggered by a PLINK_OPEN frame with mis-
matching/incompatible mesh configuration, but also
responds correctly to non-compatible PLINK_OPEN frames
by generating a PLINK_CLOSE with the right reason code.

The original bug was detected by smatch.
( http://repo.or.cz/w/smatch.git )

net/mac80211/mesh_plink.c +574 mesh_rx_plink_frame(168)
error: we previously assumed 'sta' could be null.

Cc: <stable@kernel.org>
Reviewed-and-Tested-by: Steve deRosier <steve@cozybit.com>
Reviewed-and-Tested-by: Javier Cardona <javier@cozybit.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-10-11 15:04:20 -04:00
..
9p fs/9p: destroy fid on failed remove 2010-08-02 14:28:36 -05:00
802 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
8021q vlan_dev: VLAN 0 should be treated as "no vlan tag" (802.1p packet) 2010-07-18 15:38:44 -07:00
appletalk Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
atm ppp: make channel_ops const 2010-08-04 21:53:17 -07:00
ax25 net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
bluetooth Bluetooth: Fix incorrect setting of remote_tx_win for L2CAP ERTM 2010-08-10 07:59:11 -04:00
bridge Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-08-02 22:22:46 -07:00
caif caif: precedence bug 2010-07-22 14:14:47 -07:00
can can-raw: Fix skb_orphan_try handling 2010-08-03 00:31:48 -07:00
core cfg80211: support sysfs namespaces 2010-08-16 15:26:40 -04:00
dcb
dccp net: dccp: fix sign bug 2010-07-18 15:07:14 -07:00
decnet net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-20 18:25:24 -07:00
econet econet: fix locking 2010-06-11 18:37:08 -07:00
ethernet Net: ethernet: pe2.c: fix EXPORT_SYMBOL macro code style issue 2010-07-14 18:27:09 -07:00
ieee802154 ieee802154: Fix possible NULL pointer dereference in wpan_phy_alloc 2010-05-23 23:11:07 -07:00
ipv4 tcp: no md5sig option size check bug 2010-08-07 20:24:28 -07:00
ipv6 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-08-04 15:31:02 -07:00
ipx
irda ppp: make channel_ops const 2010-08-04 21:53:17 -07:00
iucv net: use __packed annotation 2010-06-03 03:21:52 -07:00
key pfkey: add severity to printk 2010-05-17 23:23:13 -07:00
l2tp ppp: make channel_ops const 2010-08-04 21:53:17 -07:00
lapb
llc Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-05-12 00:05:35 -07:00
mac80211 mac80211: fix possible null-pointer de-reference 2010-10-11 15:04:20 -04:00
netfilter Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-08-04 15:31:02 -07:00
netlabel net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
netlink genetlink: introduce pre_doit/post_doit hooks 2010-10-05 13:35:30 -04:00
netrom net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
packet packet_mmap: expose hw packet timestamps to network packet capture utilities 2010-06-02 05:53:56 -07:00
phonet Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-20 18:25:24 -07:00
rds net/rds: Add missing mutex_unlock 2010-05-29 00:18:48 -07:00
rfkill Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
rose net/rose: Use GFP_ATOMIC 2010-08-01 00:32:12 -07:00
rxrpc RxRPC: Fix a potential deadlock between the call resend_timer and state_lock 2010-08-04 21:53:16 -07:00
sched pkt_sched: Fix sch_sfq vs tcf_bind_filter oops 2010-08-07 22:45:41 -07:00
sctp Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-08-04 15:31:02 -07:00
sunrpc mm: add context argument to shrinker callback to remaining shrinkers 2010-07-21 15:33:01 +10:00
tipc tipc: Reduce footprint by un-inlining tipc_msg_* routines 2010-05-12 23:02:29 -07:00
unix drop_monitor: convert some kfree_skb call sites to consume_skb 2010-07-20 13:28:05 -07:00
wanrouter net: autoconvert trivial BKL users to private mutex 2010-07-12 20:21:47 -07:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
wireless wireless: Set some stats used by /proc/net/wireless (wext) 2010-10-11 15:04:19 -04:00
x25 X25: Remove bkl in sockopts 2010-05-17 17:39:28 -07:00
xfrm Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-20 18:25:24 -07:00
compat.c From abbffa2aa9bd6f8df16d0d0a102af677510d8b9a Mon Sep 17 00:00:00 2001 2010-06-03 20:03:40 -07:00
Kconfig wireless: Make COMPAT_NETLINK_MESSAGES depend upon WEXT_CORE 2010-07-26 13:13:49 -07:00
Makefile net/Makefile: conditionally descend to wireless and ieee802154 2010-06-29 15:32:43 -07:00
nonet.c
socket.c net: support time stamping in phy devices. 2010-07-18 19:15:26 -07:00
sysctl_net.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
TUNABLE