From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Berg , Sasha Levin Subject: [PATCH 5.4 189/244] mac80211: bail out if cipher schemes are invalid Date: Wed, 12 May 2021 16:49:20 +0200 Message-Id: <20210512144749.045919231@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210512144743.039977287@linuxfoundation.org> References: <20210512144743.039977287@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg [ Upstream commit db878e27a98106a70315d264cc92230d84009e72 ] If any of the cipher schemes specified by the driver are invalid, bail out and fail the registration rather than just warning. Otherwise, we might later crash when we try to use the invalid cipher scheme, e.g. if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd have an out-of-bounds access in RX validation. Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support") Link: https://lore.kernel.org/r/20210408143149.38a3a13a1b19.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin --- net/mac80211/main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 5b3189a37680..f215218a88c9 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -1113,8 +1113,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) if (local->hw.wiphy->max_scan_ie_len) local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len; - WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, - local->hw.n_cipher_schemes)); + if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, + local->hw.n_cipher_schemes))) { + result = -EINVAL; + goto fail_workqueue; + } result = ieee80211_init_cipher_suites(local); if (result < 0) -- 2.30.2
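Review bot: the new error branch in ieee80211_register_hw() jumps to `fail_workqueue`, and the hunk's context ends at the following `if (result < 0)` without showing which label that neighbouring failure path uses, so please confirm that `fail_workqueue` unwinds exactly what has been set up by this point and nothing more. The validation is also placed after `local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len;`, so the wiphy has already been modified when registration is rejected; since ieee80211_cs_list_valid() depends only on the driver-supplied `hw.cipher_schemes` and `hw.n_cipher_schemes`, it could run before any state is changed. A one-line comment above the check naming the case from the commit message (hdr_len smaller than pn_offs + pn_len leading to an out-of-bounds access in RX validation) would tell driver authors why registration now fails with -EINVAL instead of only warning.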