Search Linux Wireless

Re: wifi: mac80211: fix use-after-free in chanctx code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:

> From: Johannes Berg <johannes.berg@xxxxxxxxx>
> 
> In ieee80211_vif_use_reserved_context(), when we have an
> old context and the new context's replace_state is set to
> IEEE80211_CHANCTX_REPLACE_NONE, we free the old context
> in ieee80211_vif_use_reserved_reassign(). Therefore, we
> cannot check the old_ctx anymore, so we should set it to
> NULL after this point.
> 
> However, since the new_ctx replace state is clearly not
> IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do
> anything else in this function and can just return to
> avoid accessing the freed old_ctx.
> 
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 5bcae31d9cb1 ("mac80211: implement multi-vif in-place reservations")
> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>

Patch applied to wireless.git, thanks.

2965c4cdf7ad wifi: mac80211: fix use-after-free in chanctx code

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20220601091926.df419d91b165.I17a9b3894ff0b8323ce2afdb153b101124c821e5@changeid/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux