Search Linux Wireless

Re: [PATCH] cfg80211: fix a crash in nl80211_send_station

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Aug 10, 2011 at 07:00:33PM -0600, Felix Fietkau wrote:
> mac80211 leaves sinfo->assoc_req_ies uninitialized, causing a random
> pointer memory access in nl80211_send_station.
> Instead of checking if the pointer is null, use sinfo->filled, like
> the rest of the fields.

Thanks! This was too easy a trap to fall into.. It looked obvious that
sinfo would be cleared before calls, but clearly not (well, it was
cleared in the driver that I used for testing this ;-). I'll see if an
additional patch could be added to make this less likely to happen
again.

-- 
Jouni Malinen                                            PGP id EFC895FA
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux