openkylin
/
platform_kernel-5.15
mirror of https://gitee.com/openkylin/platform_kernel-5.15.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

mac80211: fix race in TKIP MIC test debugfs file 

Accessing sdata->vif.bss_conf.bssid without any
protection here is racy, use u.mgd.associated
instead and lock the correct mutex for it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Johannes Berg 2012-11-05 20:27:57 +01:00
parent 28656a111a
commit 41c97a2032
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
net/mac80211/debugfs_netdev.c
View File

@ -284,13 +284,16 @@ static ssize_t ieee80211_if_parse_tkip_mic_test(
case NL80211_IFTYPE_STATION: case NL80211_IFTYPE_STATION:
fc |= cpu_to_le16(IEEE80211_FCTL_TODS); fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
/* BSSID SA DA */ /* BSSID SA DA */
if (sdata->vif.bss_conf.bssid == NULL) { mutex_lock(&sdata->u.mgd.mtx);
if (!sdata->u.mgd.associated) {
mutex_unlock(&sdata->u.mgd.mtx);
dev_kfree_skb(skb); dev_kfree_skb(skb);
return -ENOTCONN; return -ENOTCONN;
} }
memcpy(hdr->addr1, sdata->vif.bss_conf.bssid, ETH_ALEN); memcpy(hdr->addr1, sdata->u.mgd.associated->bssid, ETH_ALEN);
memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN); memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
memcpy(hdr->addr3, addr, ETH_ALEN); memcpy(hdr->addr3, addr, ETH_ALEN);
mutex_unlock(&sdata->u.mgd.mtx);
break; break;
default: default:
dev_kfree_skb(skb); dev_kfree_skb(skb);