openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

ath6kl: Fix invalid pointer access on fuzz testing with AP mode 

In our Fuz testing, reference client corrupts the dest mac to "00:00:00:00:00:00"
in the WPA2 handshake no 2. During driver init the sta_list entries mac
addresses are by default "00:00:00:00:00:00". Driver returns an invalid
pointer (conn) and the drver shall crash, if rxtids (aggr_conn)
skb queues are accessed, since they would not be initialized.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This commit is contained in:
Mohammed Shafi Shajakhan 2013-08-05 10:19:22 +05:30 committed by Kalle Valo
parent f32036e823
commit 9d0e2f0772
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/net/wireless/ath/ath6kl/main.c
View File

@ -29,6 +29,9 @@ struct ath6kl_sta *ath6kl_find_sta(struct ath6kl_vif *vif, u8 *node_addr)
struct ath6kl_sta *conn = NULL;
u8 i, max_conn;
if (is_zero_ether_addr(node_addr))
return NULL;
max_conn = (vif->nw_type == AP_NETWORK) ? AP_MAX_NUM_STA : 0;
for (i = 0; i < max_conn; i++) {