| From 4e99a93d50d298abf8dae5d645cc62f5df22145b Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Thu, 8 Apr 2021 14:31:50 +0200 |
| Subject: mac80211: bail out if cipher schemes are invalid |
| |
| From: Johannes Berg <johannes.berg@intel.com> |
| |
| [ Upstream commit db878e27a98106a70315d264cc92230d84009e72 ] |
| |
| If any of the cipher schemes specified by the driver are invalid, bail |
| out and fail the registration rather than just warning. Otherwise, we |
| might later crash when we try to use the invalid cipher scheme, e.g. |
| if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd |
| have an out-of-bounds access in RX validation. |
| |
| Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support") |
| Link: https://lore.kernel.org/r/20210408143149.38a3a13a1b19.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| net/mac80211/main.c | 7 +++++-- |
| 1 file changed, 5 insertions(+), 2 deletions(-) |
| |
| diff --git a/net/mac80211/main.c b/net/mac80211/main.c |
| index d1023188ef37..891d2b6f233e 100644 |
| --- a/net/mac80211/main.c |
| +++ b/net/mac80211/main.c |
| @@ -1138,8 +1138,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) |
| if (local->hw.wiphy->max_scan_ie_len) |
| local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len; |
| |
| - WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, |
| - local->hw.n_cipher_schemes)); |
| + if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, |
| + local->hw.n_cipher_schemes))) { |
| + result = -EINVAL; |
| + goto fail_workqueue; |
| + } |
| |
| result = ieee80211_init_cipher_suites(local); |
| if (result < 0) |
| -- |
| 2.30.2 |
| |