linux/net/wireless
Dmitry Ivanov 8f815cdde3 nl80211: check netlink protocol in socket release notification
A non-privileged user can create a netlink socket with the same port_id as
used by an existing open nl80211 netlink socket (e.g. as used by a hostapd
process) with a different protocol number.

Closing this socket will then lead to the notification going to nl80211's
socket release notification handler, and possibly cause an action such as
removing a virtual interface.

Fix this issue by checking that the netlink protocol is NETLINK_GENERIC.
Since generic netlink has no notifier chain of its own, we can't fix the
problem more generically.

Fixes: 026331c4d9 ("cfg80211/mac80211: allow registering for and sending action frames")
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
[rewrite commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-04-12 15:39:06 +02:00
..
.gitignore
Kconfig cfg80211: Fix some linguistics in Kconfig 2016-02-24 09:04:23 +01:00
Makefile cfg80211: 802.11p OCB mode handling 2014-11-04 13:18:17 +01:00
ap.c cfg80211: export interface stopping function 2014-05-06 15:16:34 +02:00
chan.c cfg80211: use RTNL locked reg_can_beacon for IR-relaxation 2015-07-17 15:02:02 +02:00
core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-03-08 12:34:12 -05:00
core.h cfg80211: Remove unused cfg80211_can_use_iftype_chan() 2015-12-04 14:43:32 +01:00
db.txt
debugfs.c mac80211: fix some snprintf misuses 2013-10-01 12:16:51 +02:00
debugfs.h
ethtool.c cfg80211: make ethtool the driver's responsibility 2014-06-23 11:05:33 +02:00
genregdb.awk wireless: fixup genregdb.awk for remove of antenna gain from wireless-regd 2014-07-21 12:24:20 +02:00
ibss.c Lots of updates for net-next; along with the usual flurry 2015-03-31 16:39:04 -04:00
lib80211.c lib80211: remove unused print_ssid() 2014-10-14 02:18:27 +02:00
lib80211_crypt_ccmp.c lib80211: ratelimit key index mismatch 2015-12-04 14:43:32 +01:00
lib80211_crypt_tkip.c lib80211: Use skcipher and ahash 2016-01-27 20:36:03 +08:00
lib80211_crypt_wep.c lib80211: Use skcipher and ahash 2016-01-27 20:36:03 +08:00
mesh.c cfg80211: export interface stopping function 2014-05-06 15:16:34 +02:00
mlme.c cfg80211/mac80211: use to_delayed_work 2016-01-14 11:13:15 +01:00
nl80211.c nl80211: check netlink protocol in socket release notification 2016-04-12 15:39:06 +02:00
nl80211.h cfg80211: allow wiphy specific regdomain management 2014-12-17 11:49:55 +01:00
ocb.c cfg80211: ocb: Fix null pointer deref if join_ocb is unimplemented 2015-12-04 14:43:32 +01:00
radiotap.c cfg80211: add radiotap VHT info to rtap_namespace_sizes 2016-02-24 09:04:41 +01:00
rdev-ops.h cfg80211: Add support for aborting an ongoing scan 2015-12-04 14:43:32 +01:00
reg.c Here's another round of updates for -next: 2016-03-01 17:03:27 -05:00
reg.h cfg80211: Stop calling crda if it is not responsive 2015-04-01 11:22:38 +02:00
regdb.h cfg80211: relicense reg.c reg.h and genregdb.awk to ISC 2012-01-04 14:30:41 -05:00
scan.c cfg80211: Add multiple scan plans for scheduled scan 2015-10-13 10:35:26 +02:00
sme.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-03-08 12:34:12 -05:00
sysfs.c cfg80211: Switch to PM ops 2015-05-20 15:00:12 +02:00
sysfs.h net: misc: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
trace.c cfg80211: add tracing to rdev-ops 2012-10-18 10:53:37 +02:00
trace.h cfg80211: Add support for aborting an ongoing scan 2015-12-04 14:43:32 +01:00
util.c wireless: use reset to set mac header 2016-03-04 22:45:13 -05:00
wext-compat.c cfg80211: wext: clear sinfo struct before calling driver 2015-06-09 13:54:58 -07:00
wext-compat.h cfg80211-wext: export symbols only when needed 2015-02-28 21:31:09 +01:00
wext-core.c cfg80211/wext: fix message ordering 2016-01-29 17:13:43 +01:00
wext-priv.c
wext-proc.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
wext-sme.c wireless: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:38 -05:00
wext-spy.c wireless: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:19 -04:00