mac80211: sanity check for null SSID

While associated we should never have empty SSID, but life can be full of surprises, and is allways better to print a warning than crash. Before memcpy() in ieee80211_probereq_get() check ssid_len instead of ssid pointer, sice pointer it always passed by "ssidie + 2" expression to send probe functions, so practically never can be NULL. Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Stanislaw Gruszka <sgruszka@redhat.com> 2012-03-29 10:30:41 -0400
committer: John W. Linville <linville@tuxdriver.com> 2012-04-10 15:20:28 -0400
commit: 88c868c43ba38ac3bab07bab4c45b4bc44c94357 (patch)
tree: c56c66967ebb4a33142a54ef94396340656399bf
parent: 32c5057b22a60b23353dda93c57e475856ca286c (diff)
2 files changed, 17 insertions, 4 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 93d484c8a0b8..12ca9820689a 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1518,9 +1518,16 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
                ifmgd->nullfunc_failed = false;
                ieee80211_send_nullfunc(sdata->local, sdata, 0);
        } else {
+                int ssid_len;
                ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
-                ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0,
+                if (WARN_ON_ONCE(ssid == NULL))
-                                         (u32) -1, true, false);
+                        ssid_len = 0;
+                else
+                        ssid_len = ssid[1];
+                ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
+                                         0, (u32) -1, true, false);
        }
        ifmgd->probe_send_count++;
@@ -1596,6 +1603,7 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
        struct sk_buff *skb;
        const u8 *ssid;
+        int ssid_len;
        if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
                return NULL;
@@ -1606,8 +1614,13 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
                return NULL;
        ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
+        if (WARN_ON_ONCE(ssid == NULL))
+                ssid_len = 0;
+        else
+                ssid_len = ssid[1];
        skb = ieee80211_build_probe_req(sdata, ifmgd->associated->bssid,
-                                        (u32) -1, ssid + 2, ssid[1],
+                                        (u32) -1, ssid + 2, ssid_len,
                                        NULL, 0, true);
        return skb;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 14a01c81f959..e0b89780b472 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -2602,7 +2602,7 @@ struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
        pos = skb_put(skb, ie_ssid_len);
        *pos++ = WLAN_EID_SSID;
        *pos++ = ssid_len;
-        if (ssid)
+        if (ssid_len)
                memcpy(pos, ssid, ssid_len);
        pos += ssid_len;
author	Stanislaw Gruszka <sgruszka@redhat.com>	2012-03-29 10:30:41 -0400
committer	John W. Linville <linville@tuxdriver.com>	2012-04-10 15:20:28 -0400
commit	88c868c43ba38ac3bab07bab4c45b4bc44c94357 (patch)
tree	c56c66967ebb4a33142a54ef94396340656399bf
parent	32c5057b22a60b23353dda93c57e475856ca286c (diff)