aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2009-03-20 11:57:36 -0400
committerJohn W. Linville <linville@tuxdriver.com>2009-03-20 16:01:57 -0400
commitf3f9258678b081c3ef2f036aef450cd2053ef419 (patch)
treea1c619e776cdea71943429dffbbaa87b0a7c7999
parent170ebf85160dd128e1c4206cc197cce7d1424705 (diff)
nl80211: Check that function pointer != NULL before using it
NL80211_CMD_GET_MESH_PARAMS and NL80211_CMD_SET_MESH_PARAMS handlers did not verify whether a function pointer is NULL (not supported by the driver) before trying to call the function. The former nl80211 command is available for unprivileged users, too, so this can potentially allow normal users to kill networking (or worse..) if mac80211 is built without CONFIG_MAC80211_MESH=y. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/wireless/nl80211.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 1e728fff474e..31b807af3235 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1908,6 +1908,11 @@ static int nl80211_get_mesh_params(struct sk_buff *skb,
1908 if (err) 1908 if (err)
1909 return err; 1909 return err;
1910 1910
1911 if (!drv->ops->get_mesh_params) {
1912 err = -EOPNOTSUPP;
1913 goto out;
1914 }
1915
1911 /* Get the mesh params */ 1916 /* Get the mesh params */
1912 rtnl_lock(); 1917 rtnl_lock();
1913 err = drv->ops->get_mesh_params(&drv->wiphy, dev, &cur_params); 1918 err = drv->ops->get_mesh_params(&drv->wiphy, dev, &cur_params);
@@ -2017,6 +2022,11 @@ static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2017 if (err) 2022 if (err)
2018 return err; 2023 return err;
2019 2024
2025 if (!drv->ops->set_mesh_params) {
2026 err = -EOPNOTSUPP;
2027 goto out;
2028 }
2029
2020 /* This makes sure that there aren't more than 32 mesh config 2030 /* This makes sure that there aren't more than 32 mesh config
2021 * parameters (otherwise our bitfield scheme would not work.) */ 2031 * parameters (otherwise our bitfield scheme would not work.) */
2022 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 2032 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
@@ -2061,6 +2071,7 @@ static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2061 err = drv->ops->set_mesh_params(&drv->wiphy, dev, &cfg, mask); 2071 err = drv->ops->set_mesh_params(&drv->wiphy, dev, &cfg, mask);
2062 rtnl_unlock(); 2072 rtnl_unlock();
2063 2073
2074 out:
2064 /* cleanup */ 2075 /* cleanup */
2065 cfg80211_put_dev(drv); 2076 cfg80211_put_dev(drv);
2066 dev_put(dev); 2077 dev_put(dev);