On Tue, 2008-07-01 at 10:45 +0200, Ivo van Doorn wrote: > Probe responses shouldn't be encrypted, and mac80211 doesn't > set the crypto key accordingly. However it didn't set the > IEEE80211_TX_CTL_DO_NOT_ENCRYPT flag which means drivers > could make an attempt to encrypt it, and causing a NULL > pointer dereference when accessing the provided hw_key field. > > Signed-off-by: Ivo van Doorn <IvDoorn@xxxxxxxxx> Acked-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> > --- > diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c > index 7b4d4d4..fd28cd8 100644 > --- a/net/mac80211/mlme.c > +++ b/net/mac80211/mlme.c > @@ -2531,6 +2531,7 @@ static int ieee80211_sta_join_ibss(struct net_device *dev, > control->flags |= IEEE80211_TX_CTL_SHORT_PREAMBLE; > control->antenna_sel_tx = local->hw.conf.antenna_sel_tx; > control->flags |= IEEE80211_TX_CTL_NO_ACK; > + control->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT; > control->control.retry_limit = 1; > > ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC); >
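Review bot: The added `control->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT;` line in ieee80211_sta_join_ibss() carries no comment saying why it is needed, and that reason only lives in the commit message: no crypto key is set for the probe response, so a driver that sees the flag missing may try to encrypt and dereference the hw_key field. A one-line comment above the assignment stating that the probe response is sent unencrypted and hw_key is not provided would keep the flag from being dropped in a later cleanup. The flag could also be folded into the preceding statement as `control->flags |= IEEE80211_TX_CTL_NO_ACK | IEEE80211_TX_CTL_DO_NOT_ENCRYPT;`, which is a style point only. Since the crash described happens in the driver, it is worth stating in the changelog whether drivers are expected to rely on this flag alone or also check hw_key before using it.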