Patch "iwlwifi: mvm: check sta_id/drain values in debugfs" has been added to the 3.12-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    iwlwifi: mvm: check sta_id/drain values in debugfs

to the 3.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     iwlwifi-mvm-check-sta_id-drain-values-in-debugfs.patch
and it can be found in the queue-3.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 60765a47a433d54e4744c285ad127f182dcd80aa Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@xxxxxxxxx>
Date: Fri, 25 Oct 2013 13:06:06 +0200
Subject: iwlwifi: mvm: check sta_id/drain values in debugfs

From: Johannes Berg <johannes.berg@xxxxxxxxx>

commit 60765a47a433d54e4744c285ad127f182dcd80aa upstream.

The station ID must be valid, if it's out of range then
the array access may crash. Validate the station ID to
the array length, and also validate the drain value even
if that doesn't matter all that much.

Fixes: 8ca151b568b6 ("iwlwifi: add the MVM driver")
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/net/wireless/iwlwifi/mvm/debugfs.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/net/wireless/iwlwifi/mvm/debugfs.c
+++ b/drivers/net/wireless/iwlwifi/mvm/debugfs.c
@@ -119,6 +119,10 @@ static ssize_t iwl_dbgfs_sta_drain_write
 
 	if (sscanf(buf, "%d %d", &sta_id, &drain) != 2)
 		return -EINVAL;
+	if (sta_id < 0 || sta_id >= IWL_MVM_STATION_COUNT)
+		return -EINVAL;
+	if (drain < 0 || drain > 1)
+		return -EINVAL;
 
 	mutex_lock(&mvm->mutex);
 


Patches currently in stable-queue which might be from johannes.berg@xxxxxxxxx are

queue-3.12/mac80211-fix-scheduled-scan-rtnl-deadlock.patch
queue-3.12/cfg80211-disable-5-10-mhz-support-for-all-drivers.patch
queue-3.12/iwlwifi-pcie-fix-interrupt-coalescing-for-7260-3160.patch
queue-3.12/iwlwifi-mvm-check-sta_id-drain-values-in-debugfs.patch
queue-3.12/mac80211-don-t-attempt-to-reorder-multicast-frames.patch
queue-3.12/revert-mac80211-allow-disable-power-save-in-mesh.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]