From: Johannes Berg <johannes.berg@xxxxxxxxx>
If any of the cipher schemes specified by the driver are invalid, bail
out and fail the registration rather than just warning. Otherwise, we
might later crash when we try to use the invalid cipher scheme, e.g.
if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd
have an out-of-bounds access in RX validation.
Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support")
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx>
---
net/mac80211/main.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index f27aed37ed2b..ba624cb250b3 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1137,8 +1137,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
if (local->hw.wiphy->max_scan_ie_len)
local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len;
- WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes,
- local->hw.n_cipher_schemes));
+ if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes,
+ local->hw.n_cipher_schemes))) {
+ result = -EINVAL;
+ goto fail_workqueue;
+ }
result = ieee80211_init_cipher_suites(local);
if (result < 0)
--
2.31.0
