Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-09-21 11:53:01 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/net/wireless
History
Vladis Dronov 97b0964874 nl80211: check for the required netlink attributes presence 
commit e785fa0a164aa11001cba931367c7f94ffaff888 upstream.

nl80211_set_rekey_data() does not check if the required attributes
NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing
NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by
users with CAP_NET_ADMIN privilege and may result in NULL dereference
and a system crash. Add a check for the required attributes presence.
This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

Change-Id: Ia6ce5dd03a88412020e47a681cb75f4e8c1aafd8
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766a ("cfg80211/nl80211: support GTK rekey offload")
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2017-10-19 13:01:46 +00:00
..
.gitignore
ap.c
chan.c This is the 3.10.67 stable release 2015-04-24 18:04:40 -07:00
core.c
core.h cfg80211: Add option to report the bss entry in connect result 2016-09-07 16:07:24 +05:30
db.txt Import T713XXU2BQD3 kernel source changes 2017-07-01 12:51:07 +02:00
debugfs.c
debugfs.h
ethtool.c cfg80211: export cfg80211_get_drvinfo from ethtool 2014-10-23 16:12:21 +03:00
ethtool.h
genregdb.awk
ibss.c
Kconfig
lib80211.c
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
Makefile
mesh.c
mlme.c
nl80211.c nl80211: check for the required netlink attributes presence 2017-10-19 13:01:46 +00:00
nl80211.h
radiotap.c
rdev-ops.h cfg80211: Add support for aborting an ongoing scan 2016-10-07 12:01:24 +05:30
reg.c cfg80211: add helper reg_get_regdomain() function 2015-03-11 13:17:21 -07:00
reg.h
regdb.h
scan.c cfg80211: Allow a scan request for a specific BSSID 2016-09-07 14:40:52 +05:30
sme.c cfg80211: Add option to report the bss entry in connect result 2016-09-07 16:07:24 +05:30
sysfs.c
sysfs.h
trace.c
trace.h cfg80211: Add support for aborting an ongoing scan 2016-10-07 12:01:24 +05:30
util.c cfg80211: Add option to report the bss entry in connect result 2016-09-07 16:07:24 +05:30
wext-compat.c cfg80211: wext: clear sinfo struct before calling driver 2015-06-22 16:55:54 -07:00
wext-compat.h
wext-core.c wext: fix message delay/ordering 2016-03-16 08:41:36 -07:00
wext-priv.c
wext-proc.c
wext-sme.c
wext-spy.c