From: Johannes Berg <johannes.berg@xxxxxxxxx>
This will likely never happen, but for completeness check
the key taint flag before using a key for beacon protection.
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Gregory Greenman <gregory.greenman@xxxxxxxxx>
---
net/mac80211/tx.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 7699fb410670..1f9294f5baa4 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -5115,6 +5115,12 @@ static int ieee80211_beacon_protect(struct sk_buff *skb,
tx.key = rcu_dereference(link->default_beacon_key);
if (!tx.key)
return 0;
+
+ if (unlikely(tx.key->flags & KEY_FLAG_TAINTED)) {
+ tx.key = NULL;
+ return -EINVAL;
+ }
+
tx.local = local;
tx.sdata = sdata;
__skb_queue_head_init(&tx.skbs);
--
2.38.1
