forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net
History
Mohammed Shafi Shajakhan 34a9660ba1 mac80211: zero initialize count field in ieee80211_tx_rate 
commit 8617b093d0 upstream.

rate control algorithms concludes the rate as invalid
with rate[i].idx < -1 , while they do also check for rate[i].count is
non-zero. it would be safer to zero initialize the 'count' field.
recently we had a ath9k rate control crash where the ath9k rate control
in ath_tx_status assumed to check only for rate[i].count being non-zero
in one instance and ended up in using invalid rate index for
'connection monitoring NULL func frames' which eventually lead to the crash.
thanks to Pavel Roskin for fixing it and finding the root cause.
https://bugzilla.redhat.com/show_bug.cgi?id=768639

Cc: Pavel Roskin <proski@gnu.org>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-03-12 10:32:56 -07:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-10-03 11:40:22 -07:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q vlan: reset headers on accel emulation path 2011-10-03 11:40:55 -07:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
ax25 ax25: Fix set-but-unused variable. 2011-04-17 00:48:31 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
bluetooth Bluetooth: Fix timeout on scanning for the second time 2011-10-03 11:41:01 -07:00
bridge net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
caif net caif: Register properly as a pernet subsystem. 2012-02-03 09:19:03 -08:00
can can bcm: fix incomplete tx_setup fix 2011-11-11 09:36:45 -08:00
ceph ceph: fix file mode calculation 2011-07-19 11:25:04 -07:00
core netpoll: netpoll_poll_dev() should access dev->flags 2012-02-29 16:34:06 -08:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
decnet net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
econet econet: Fix set-but-unused variable. 2011-04-17 00:15:22 -07:00
ethernet net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-08-15 18:31:38 -07:00
ieee802154 ieee802154: Don't leak memory in ieee802154_nl_fill_phy 2011-06-13 18:03:22 -04:00
ipv4 ipv4: fix redirect handling 2012-02-29 16:34:18 -08:00
ipv6 ipv6-multicast: Fix memory leak in IPv6 multicast. 2012-02-29 16:33:51 -08:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: iriap: Use seperate lockdep class for irias_objects->hb_spinlock 2011-06-06 17:00:35 -07:00
iucv [S390] irq: merge irq.c and s390_ext.c 2011-05-26 09:48:24 +02:00
key net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
l2tp l2tp: l2tp_ip - fix possible oops on packet receive 2012-02-03 09:19:04 -08:00
lapb
llc llc: llc_cmsg_rcv was getting called after sk_eat_skb. 2012-01-06 14:14:06 -08:00
mac80211 mac80211: zero initialize count field in ieee80211_tx_rate 2012-03-12 10:32:56 -07:00
netfilter ipvs: fix matching of fwmark templates during scheduling 2012-02-29 16:34:31 -08:00
netlabel Remove prefetch() from <linux/skbuff.h> and "netlabel_addrlist.h" 2011-05-22 21:43:41 -07:00
netlink net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
netrom NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
packet make PACKET_STATISTICS getsockopt report consistently between ring and non-ring 2011-11-11 09:36:29 -08:00
phonet net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
rds rds: Make rds_sock_lock BH rather than IRQ safe. 2012-02-03 09:19:04 -08:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched net_sched: Bug in netem reordering 2012-02-29 16:34:07 -08:00
sctp sctp: Do not account for sizeof(struct sk_buff) in estimated rwnd 2012-01-06 14:14:09 -08:00
sunrpc svcrpc: avoid memory-corruption on pool shutdown 2012-01-25 17:24:48 -08:00
tipc tipc: Revise timings used when sending link request messages 2011-05-10 16:04:02 -04:00
unix net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless cfg80211: amend regulatory NULL dereference fix 2011-12-09 08:52:45 -08:00
x25 x25: Prevent skb overreads when checking call user data 2011-10-25 07:10:17 +02:00
xfrm net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig bpf: depends on MODULES 2011-04-29 10:20:53 -07:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c sendmmsg/sendmsg: fix unsafe user pointer access 2011-10-03 11:39:54 -07:00
sysctl_net.c
TUNABLE