diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2011-07-19 18:52:16 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2011-07-20 15:04:38 -0400 |
| commit | a401d2bb363d942245acdd81c5b5a754011696ee (patch) | |
| tree | 1f05cf5d53b72576d101572aeca176320fc361df /net/wireless | |
| parent | 70126f6105f86366fd97644937ef2180b906b7c8 (diff) | |
cfg80211: fix scan crash on single-band cards
commit 58389c69150e6032504dfcd3edca6b1975c8b5bc
Author: Johannes Berg <johannes.berg@intel.com>
Date: Mon Jul 18 18:08:35 2011 +0200
cfg80211: allow userspace to control supported rates in scan
made single-band cards crash since it would always
access all wiphy->bands[]. Fix this and reject any
attempts in the new helper ieee80211_get_ratemask()
to do the same, rejecting rates configuration for
unsupported bands.
Reported-by: Pavel Roskin <proski@gnu.org>
Tested-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless')
| -rw-r--r-- | net/wireless/nl80211.c | 4 | ||||
| -rw-r--r-- | net/wireless/scan.c | 3 | ||||
| -rw-r--r-- | net/wireless/util.c | 3 |
3 files changed, 8 insertions, 2 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 20aa390cf338..28d2aa109bee 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -3454,7 +3454,9 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) | |||
| 3454 | } | 3454 | } |
| 3455 | 3455 | ||
| 3456 | for (i = 0; i < IEEE80211_NUM_BANDS; i++) | 3456 | for (i = 0; i < IEEE80211_NUM_BANDS; i++) |
| 3457 | request->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; | 3457 | if (wiphy->bands[i]) |
| 3458 | request->rates[i] = | ||
| 3459 | (1 << wiphy->bands[i]->n_bitrates) - 1; | ||
| 3458 | 3460 | ||
| 3459 | if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { | 3461 | if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { |
| 3460 | nla_for_each_nested(attr, | 3462 | nla_for_each_nested(attr, |
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 1e7ff949d1aa..2936cb809152 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c | |||
| @@ -863,7 +863,8 @@ int cfg80211_wext_siwscan(struct net_device *dev, | |||
| 863 | } | 863 | } |
| 864 | 864 | ||
| 865 | for (i = 0; i < IEEE80211_NUM_BANDS; i++) | 865 | for (i = 0; i < IEEE80211_NUM_BANDS; i++) |
| 866 | creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; | 866 | if (wiphy->bands[i]) |
| 867 | creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; | ||
| 867 | 868 | ||
| 868 | rdev->scan_req = creq; | 869 | rdev->scan_req = creq; |
| 869 | err = rdev->ops->scan(wiphy, dev, creq); | 870 | err = rdev->ops->scan(wiphy, dev, creq); |
diff --git a/net/wireless/util.c b/net/wireless/util.c index a329429bfdd8..be75a3a0424e 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c | |||
| @@ -1013,6 +1013,9 @@ int ieee80211_get_ratemask(struct ieee80211_supported_band *sband, | |||
| 1013 | { | 1013 | { |
| 1014 | int i, j; | 1014 | int i, j; |
| 1015 | 1015 | ||
| 1016 | if (!sband) | ||
| 1017 | return -EINVAL; | ||
| 1018 | |||
| 1016 | if (n_rates == 0 || n_rates > NL80211_MAX_SUPP_RATES) | 1019 | if (n_rates == 0 || n_rates > NL80211_MAX_SUPP_RATES) |
| 1017 | return -EINVAL; | 1020 | return -EINVAL; |
| 1018 | 1021 | ||