Two more fixes:

* handle allocation failures in new(ish) A-MSDU decapsulation * don't leak memory on nl80211 ACL parse errors -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJXfPjfAAoJEGt7eEactAAd9HMQAJ+KQipCHO+TE/b1tH40LFAO 1lptZfe3BSM24nkk0mYTi0a2ylzd9hsiuqFXsVBB32B7TARR3/MOCo/DsYd66PdN guEg5l/blMOiOoSmdnehvssboZTRwofFebDxnRv8UFWhyFxhbe/xZLUgYjX8JHhD +NvzTG0bpTlN8n8e4IsGsVzQkG0G9ianiOir8xSgj1ahHug3S/phR8PDCkbeEYA/ fgFk3bFhkOOoKbSDMAfeEN/Xc/k6IFkVS89ZI8QSTSrMZklvZqfFLLmxeRuxegk5 x5VDfPiCXSBez/OoxjlZgHmipGhWZOA9o5S3JxlFl8JSBWhJeVNvW4C1uAEaLRzF BZSWynA/a9HecSjzdjswOvx9bTXVNp3D3QldmjuxchdBrmFtrBRMSH3xmARG5F1X TslEJlyj6YkjsEjBgpwjxaE0wW9sAhd3GQDj6rvyz3RoRO1lDsu50Z8RVZ1uDbgY Q2/nspgPDf1hqQolsOYvaYhYPj75ZcncFG7FqO3mV5wqrSh+n0eyntUz1HW23T/J tm7nvS911V+jLGtbow0yHNu3jRSPW8mVXpI7eL1oP6DKJyxjn5CR4MtOFL8BB/lp NVtRzI88IgloyMc52/3A5dMELQigIbC2VheRZKNRX7FVYJnqPck6SNhcOvH9emBZ Ji/SbZ8oZNba2hvyQmMj =pfmq -----END PGP SIGNATURE----- Merge tag 'mac80211-for-davem-2016-07-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Two more fixes: * handle allocation failures in new(ish) A-MSDU decapsulation * don't leak memory on nl80211 ACL parse errors ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-08 23:53:41 -04:00 · 2016-07-08 23:53:41 -04:00 · 5b58d83617
parent 92f7d07d68 16a910a672
commit 5b58d83617
2 changed files with 6 additions and 4 deletions
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@ -3487,16 +3487,16 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
 		params.smps_mode = NL80211_SMPS_OFF;
 	}

+	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
+	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
+		return -EOPNOTSUPP;
+
 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
 		params.acl = parse_acl_data(&rdev->wiphy, info);
 		if (IS_ERR(params.acl))
 			return PTR_ERR(params.acl);
 	}

-	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
-	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
-		return -EOPNOTSUPP;
-
 	wdev_lock(wdev);
 	err = rdev_start_ap(rdev, dev, &params);
 	if (!err) {
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@ -721,6 +721,8 @@ __ieee80211_amsdu_copy(struct sk_buff *skb, unsigned int hlen,
 	 * alignment since sizeof(struct ethhdr) is 14.
 	 */
 	frame = dev_alloc_skb(hlen + sizeof(struct ethhdr) + 2 + cur_len);
+	if (!frame)
+		return NULL;

 	skb_reserve(frame, hlen + sizeof(struct ethhdr) + 2);
 	skb_copy_bits(skb, offset, skb_put(frame, cur_len), cur_len);