Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/net
History
Stanislaw Gruszka 5a01241c81 mac80211: check if key has TKIP type before updating IV 
commit 4045f72bcf upstream.

This patch fix corruption which can manifest itself by following crash
when switching on rfkill switch with rt2x00 driver:
https://bugzilla.redhat.com/attachment.cgi?id=615362

Pointer key->u.ccmp.tfm of group key get corrupted in:

ieee80211_rx_h_michael_mic_verify():

        /* update IV in key information to be able to detect replays */
        rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
        rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;

because rt2x00 always set RX_FLAG_MMIC_STRIPPED, even if key is not TKIP.

We already check type of the key in different path in
ieee80211_rx_h_michael_mic_verify() function, so adding additional
check here is reasonable.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-31 10:03:01 -07:00
..
9p 9p: BUG before corrupting memory 2012-06-22 11:37:15 -07:00
802 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
8021q vlan: don't deliver frames for unknown vlans to protocols 2012-10-28 10:14:15 -07:00
appletalk
atm atm: fix info leak via getsockname() 2012-10-02 10:29:36 -07:00
ax25 net ax25: Reorder ax25_exit to remove races. 2012-04-19 15:37:48 -04:00
batman-adv batman-adv: only drop packets of known wifi clients 2012-07-16 09:04:11 -07:00
bluetooth Bluetooth: Fix sending a HCI Authorization Request over LE links 2012-10-02 10:30:34 -07:00
bridge bridge: Assign rtnl_link_ops to bridge devices created via ioctl (v2) 2012-07-16 09:03:49 -07:00
caif caif: Fix access to freed pernet memory 2012-08-09 08:31:42 -07:00
can net: remove skb_orphan_try() 2012-07-16 09:03:48 -07:00
ceph libceph: isolate kmap() call in write_partial_msg_pages() 2012-03-22 10:47:52 -05:00
core vlan: don't deliver frames for unknown vlans to protocols 2012-10-28 10:14:15 -07:00
dcb
dccp dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO) 2012-10-02 10:29:37 -07:00
decnet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
dns_resolver KEYS: Allow special keyrings to be cleared 2012-01-19 14:38:51 +11:00
dsa dsa: Move switch drivers to new directory drivers/net/dsa 2011-11-29 00:21:36 -05:00
econet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ethernet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ieee802154 6lowpan: add missing spin_lock_init() 2012-04-26 05:32:55 -04:00
ipv4 tcp: resets are misrouted 2012-10-28 10:14:16 -07:00
ipv6 ipv6: addrconf: fix /proc/net/if_inet6 2012-10-28 10:14:16 -07:00
ipx
irda Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
iucv net: remove skb_orphan_try() 2012-07-16 09:03:48 -07:00
key net/key/af_key.c: add missing kfree_skb 2012-04-13 11:01:44 -04:00
l2tp l2tp: fix a typo in l2tp_eth_dev_recv() 2012-10-13 05:38:45 +09:00
lapb Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
llc llc: fix info leak via getsockname() 2012-10-02 10:29:37 -07:00
mac80211 mac80211: check if key has TKIP type before updating IV 2012-10-31 10:03:01 -07:00
netfilter netfilter: xt_limit: have r->cost != 0 case work 2012-10-21 09:28:00 -07:00
netlabel netlabel: use GFP flags from caller instead of GFP_ATOMIC 2012-03-22 19:29:57 -04:00
netlink netlink: add reference of module in netlink_dump_start 2012-10-28 10:14:15 -07:00
netrom netrom: copy_datagram_iovec can fail 2012-10-13 05:38:45 +09:00
nfc NFC: Prevent multiple buffer overflows in NCI 2012-07-16 09:03:50 -07:00
openvswitch openvswitch: Reset upper layer protocol info on internal devices. 2012-10-02 10:29:50 -07:00
packet af_packet: don't emit packet on orig fanout group 2012-10-02 10:29:37 -07:00
phonet phonet: Sort out initiailziation and cleanup code. 2012-04-13 11:01:43 -04:00
rds RDS: fix rds-ping spinlock recursion 2012-10-28 10:14:15 -07:00
rfkill device.h: cleanup users outside of linux/include (C files) 2012-03-11 14:27:37 -04:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
rxrpc RxRPC: Fix kcalloc parameters swapped 2012-02-14 14:41:55 -05:00
sched pkt_sched: fix virtual-start-time update in QFQ 2012-10-13 05:38:42 +09:00
sctp sctp: Don't charge for data in sndbuf again when transmitting packet 2012-10-13 05:38:44 +09:00
sunrpc SUNRPC: Prevent races in xs_abort_connection() 2012-10-31 10:02:57 -07:00
tipc tipc: Optimize setting of immutable payload message header fields 2012-02-29 11:45:35 -05:00
unix af_netlink: force credentials passing [CVE-2012-3520] 2012-10-02 10:29:37 -07:00
wanrouter wanmain: comparing array with NULL 2012-08-09 08:31:51 -07:00
wimax
wireless cfg80211: fix possible circular lock on reg_regdb_search() 2012-10-02 10:30:09 -07:00
x25 net:x25: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xfrm xfrm_user: ensure user supplied esn replay window is valid 2012-10-13 05:38:41 +09:00
compat.c net: Fix references to out-of-scope variables in put_cmsg_compat() 2012-08-09 08:31:42 -07:00
Kconfig net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
Makefile net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
nonet.c
socket.c net: fix info leak in compat dev_ifconf() 2012-10-02 10:29:37 -07:00
sysctl_net.c sysctl: Modify __register_sysctl_paths to take a set instead of a root and an nsproxy 2012-01-24 16:40:30 -08:00