[PATCH] cfg80211: fix scan crash on single-band cards

Johannes Berg <johannes@xxxxxxxxxxxxxxxx> · Wed, 20 Jul 2011 00:52:16 +0200

From: Johannes Berg <johannes.berg@xxxxxxxxx>

commit 58389c69150e6032504dfcd3edca6b1975c8b5bc
Author: Johannes Berg <johannes.berg@xxxxxxxxx>
Date:   Mon Jul 18 18:08:35 2011 +0200

     cfg80211: allow userspace to control supported rates in scan

made single-band cards crash since it would always
access all wiphy->bands[]. Fix this and reject any
attempts in the new helper ieee80211_get_ratemask()
to do the same, rejecting rates configuration for
unsupported bands.

Reported-by: Pavel Roskin <proski@xxxxxxx>
Tested-by: Pavel Roskin <proski@xxxxxxx>
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
---
 net/wireless/nl80211.c |    4 +++-
 net/wireless/scan.c    |    3 ++-
 net/wireless/util.c    |    3 +++
 3 files changed, 8 insertions(+), 2 deletions(-)

--- a/net/wireless/nl80211.c	2011-07-20 00:50:57.000000000 +0200
+++ b/net/wireless/nl80211.c	2011-07-20 00:51:00.000000000 +0200
@@ -3454,7 +3454,9 @@ static int nl80211_trigger_scan(struct s
 	}
 
 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
-		request->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
+		if (wiphy->bands[i])
+			request->rates[i] =
+				(1 << wiphy->bands[i]->n_bitrates) - 1;
 
 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
 		nla_for_each_nested(attr,
--- a/net/wireless/scan.c	2011-07-20 00:50:57.000000000 +0200
+++ b/net/wireless/scan.c	2011-07-20 00:51:00.000000000 +0200
@@ -864,7 +864,8 @@ int cfg80211_wext_siwscan(struct net_dev
 	}
 
 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
-		creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
+		if (wiphy->bands[i])
+			creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
 
 	rdev->scan_req = creq;
 	err = rdev->ops->scan(wiphy, dev, creq);
--- a/net/wireless/util.c	2011-07-20 00:50:57.000000000 +0200
+++ b/net/wireless/util.c	2011-07-20 00:51:00.000000000 +0200
@@ -1013,6 +1013,9 @@ int ieee80211_get_ratemask(struct ieee80
 {
 	int i, j;
 
+	if (!sband)
+		return -EINVAL;
+
 	if (n_rates == 0 || n_rates > NL80211_MAX_SUPP_RATES)
 		return -EINVAL;
 


--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





