Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-09-21 03:43:03 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/net/mac80211
History
Johannes Berg 2e613ff8d8 mac80211: fix use-after-free in defragmentation 
commit b8fff407a180286aa683d543d878d98d9fc57b13 upstream.

Upon receiving the last fragment, all but the first fragment
are freed, but the multicast check for statistics at the end
of the function refers to the current skb (the last fragment)
causing a use-after-free bug.

Since multicast frames cannot be fragmented and we check for
this early in the function, just modify that check to also
do the accounting to fix the issue.

Reported-by: Yosef Khyal <yosefx.khyal@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-21 09:22:53 -08:00
..
aes_ccm.c
aes_ccm.h
aes_cmac.c mac80211: include export.h in aes_cmac 2012-11-07 18:01:54 +01:00
aes_cmac.h
agg-rx.c mac80211: improve aggregation debug messages 2013-01-18 21:55:15 +01:00
agg-tx.c mac80211: fix aggregation state with current drivers 2013-01-24 15:43:51 +01:00
cfg.c mac80211: release the channel in error path in start_ap 2014-02-22 12:41:26 -08:00
cfg.h
chan.c Merge remote-tracking branch 'wireless-next/master' into mac80211-next 2013-04-22 15:31:43 +02:00
debug.h mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
debugfs.c mac80211: remove IEEE80211_HW_SCAN_WHILE_IDLE 2013-02-11 18:45:01 +01:00
debugfs.h mac80211: use __printf attribute in debugfs 2012-10-18 09:01:57 +02:00
debugfs_key.c mac80211: move sdata debugfs dir to vif 2013-03-18 20:10:04 +01:00
debugfs_key.h
debugfs_netdev.c mac80211: don't check netdev state for debugfs read/write 2014-07-09 11:14:01 -07:00
debugfs_netdev.h
debugfs_sta.c mac80211: add beacon stats to debugfs 2013-04-08 09:16:54 +02:00
debugfs_sta.h
driver-ops.h mac80211: pass queue bitmap to flush operation 2013-03-18 20:15:03 +01:00
event.c
ht.c mac80211: fix HT capability overrides for AP station 2013-03-06 16:36:02 +01:00
ibss.c mac80211: add missing channel context release 2013-09-07 22:09:59 -07:00
ieee80211_i.h mac80211: fix on-channel remain-on-channel 2014-06-07 13:25:31 -07:00
iface.c net: force a list_del() in unregister_netdevice_many() 2014-06-26 15:12:38 -04:00
Kconfig Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
key.c mac80211: batch key free synchronize_net() 2013-03-11 15:16:42 +02:00
key.h mac80211: batch key free synchronize_net() 2013-03-11 15:16:42 +02:00
led.c leds: Rename led_brightness_set() to led_set_brightness() 2012-07-24 07:52:34 +08:00
led.h
main.c mac80211: exclude AP_VLAN interfaces from tx power calculation 2014-05-13 13:59:44 +02:00
Makefile mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
mesh.c Merge remote-tracking branch 'wireless-next/master' into mac80211-next 2013-04-22 15:31:43 +02:00
mesh.h mac80211: return new mpath from mesh_path_add() 2013-04-08 09:16:59 +02:00
mesh_hwmp.c mac80211: parse VHT channel switch IEs 2013-04-16 15:29:45 +02:00
mesh_pathtbl.c mac80211: return new mpath from mesh_path_add() 2013-04-08 09:16:59 +02:00
mesh_plink.c mac80211: parse VHT channel switch IEs 2013-04-16 15:29:45 +02:00
mesh_ps.c mac80211: clear sequence/fragment number in QoS-null frames 2014-03-23 21:38:12 -07:00
mesh_sync.c mac80211: clean up mesh code 2013-02-15 15:46:37 +01:00
michael.c
michael.h
mlme.c Revert "mac80211: disable uAPSD if all ACs are under ACM" 2014-10-05 14:54:13 -07:00
offchannel.c mac80211: fix on-channel remain-on-channel 2014-06-07 13:25:31 -07:00
pm.c mac80211: fix suspend vs. authentication race 2014-06-07 13:25:31 -07:00
rate.c mac80211: fix typo in starting baserate for rts_cts_rate_idx 2014-11-14 08:48:00 -08:00
rate.h mac80211: track number of spatial streams 2013-02-15 09:41:31 +01:00
rc80211_minstrel.c mac80211/minstrel: fix NULL pointer dereference issue 2013-08-11 18:35:22 -07:00
rc80211_minstrel.h mac80211/minstrel: use the new rate control API 2013-04-22 16:16:41 +02:00
rc80211_minstrel_debugfs.c mac80211: cosmetics for minstrel_debugfs 2013-04-17 17:08:23 +02:00
rc80211_minstrel_ht.c mac80211: add a flag to indicate CCK support for HT clients 2013-09-07 22:09:59 -07:00
rc80211_minstrel_ht.h mac80211/minstrel_ht: use the new rate control API 2013-04-22 16:16:41 +02:00
rc80211_minstrel_ht_debugfs.c mac80211/minstrel_ht: add support for using CCK rates 2013-02-13 10:56:33 +01:00
rc80211_pid.h
rc80211_pid_algo.c
rc80211_pid_debugfs.c
rx.c mac80211: fix use-after-free in defragmentation 2014-11-21 09:22:53 -08:00
scan.c mac80211: correctly close cancelled scans 2013-11-13 12:05:30 +09:00
spectmgmt.c
sta_info.c mac80211: fix a memory leak on sta rate selection table 2014-07-09 11:14:01 -07:00
sta_info.h mac80211: fix AP powersave TX vs. wakeup race 2014-03-23 21:38:11 -07:00
status.c mac80211: update sta->last_rx on acked tx frames 2013-11-13 12:05:30 +09:00
tkip.c mac80211: use just spin_lock() in ieee80211_get_tkip_p2k() 2013-05-16 22:38:06 +02:00
tkip.h
trace.c mac80211: trace debug messages 2012-06-24 11:33:18 +02:00
trace.h mac80211: support secondary channel offset in CSA 2013-04-16 15:29:44 +02:00
tx.c Revert "mac80211: move "bufferable MMPDU" check to fix AP mode scan" 2014-08-07 14:30:27 -07:00
util.c mac80211: fix crash if bitrate calculation goes wrong 2013-11-13 12:05:30 +09:00
vht.c mac80211: restrict peer's VHT capabilities to own 2013-03-06 16:36:03 +01:00
wep.c
wep.h
wme.c mac80211: send control port protocol frames to the VO queue 2014-03-23 21:38:11 -07:00
wme.h mac80211: save wmm_acm per sdata 2012-06-20 17:35:22 +02:00
wpa.c mac80211: use spin_lock_bh() for TKIP lock 2013-02-15 09:41:13 +01:00
wpa.h