forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net/wireless
History
Luciano Coelho 946ea1c993 nl80211: fix check for valid SSID size in scan operations 
commit 208c72f4fe upstream.

In both trigger_scan and sched_scan operations, we were checking for
the SSID length before assigning the value correctly.  Since the
memory was just kzalloc'ed, the check was always failing and SSID with
over 32 characters were allowed to go through.

This was causing a buffer overflow when copying the actual SSID to the
proper place.

This bug has been there since 2.6.29-rc4.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-06-23 15:24:06 -07:00
..
chan.c cfg80211: fix locking for SIWFREQ 2009-08-14 09:13:51 -04:00
core.c headers: remove sched.h from interrupt.h 2009-10-11 11:20:58 -07:00
core.h wireless: report reasonable bitrate for MCS rates through wext 2010-07-05 11:11:11 -07:00
debugfs.c cfg80211: clean up naming once and for all 2009-07-10 15:02:33 -04:00
debugfs.h cfg80211: clean up naming once and for all 2009-07-10 15:02:33 -04:00
ibss.c cfg80211: make spurious warnings less likely, configurable 2009-08-28 14:40:30 -04:00
Kconfig wireless: update cfg80211 kconfig entry 2009-09-08 16:31:06 -04:00
lib80211.c lib80211: consolidate crypt init routines 2008-11-21 11:08:17 -05:00
lib80211_crypt_ccmp.c lib80211: silence excessive crypto debugging messages 2009-03-16 18:01:58 -04:00
lib80211_crypt_tkip.c lib80211: silence excessive crypto debugging messages 2009-03-16 18:01:58 -04:00
lib80211_crypt_wep.c lib80211: absorb crypto bits from net/ieee80211 2008-11-21 11:08:17 -05:00
Makefile cfg80211: validate channel settings across interfaces 2009-08-14 09:13:42 -04:00
mlme.c cfg80211: ignore spurious deauth 2010-08-10 10:20:42 -07:00
nl80211.c nl80211: fix check for valid SSID size in scan operations 2011-06-23 15:24:06 -07:00
nl80211.h cfg80211: fix locking 2009-07-10 15:02:32 -04:00
radiotap.c wireless: use get/put_unaligned_* helpers 2008-05-14 16:29:32 -04:00
reg.c cfg80211: fix syntax error on user regulatory hints 2010-01-18 10:19:45 -08:00
reg.h Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-08-12 17:44:53 -07:00
scan.c cfg80211: don't get expired BSSes 2010-08-10 10:20:43 -07:00
sme.c cfg80211: fix channel setting for wext 2010-01-28 15:02:38 -08:00
sysfs.c cfg80211: rename cfg80211_registered_device's idx to wiphy_idx 2009-02-27 14:52:54 -05:00
sysfs.h
util.c wireless: report reasonable bitrate for MCS rates through wext 2010-07-05 11:11:11 -07:00
wext-compat.c wireless extensions: fix kernel heap content leak 2010-09-20 13:17:56 -07:00
wext-compat.h cfg80211: validate channel settings across interfaces 2009-08-14 09:13:42 -04:00
wext-sme.c cfg80211: don't set privacy w/o key 2009-09-28 16:55:04 -04:00
wext.c wext: fix potential private ioctl memory content leak 2010-10-28 21:44:02 -07:00