From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Berg , Sasha Levin Subject: [PATCH 5.12 511/677] mac80211: bail out if cipher schemes are invalid Date: Wed, 12 May 2021 16:49:17 +0200 Message-Id: <20210512144854.367419701@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210512144837.204217980@linuxfoundation.org> References: <20210512144837.204217980@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg [ Upstream commit db878e27a98106a70315d264cc92230d84009e72 ] If any of the cipher schemes specified by the driver are invalid, bail out and fail the registration rather than just warning. Otherwise, we might later crash when we try to use the invalid cipher scheme, e.g. if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd have an out-of-bounds access in RX validation. Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support") Link: https://lore.kernel.org/r/20210408143149.38a3a13a1b19.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin --- net/mac80211/main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 1b9c82616606..0331f3a3c40e 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -1141,8 +1141,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) if (local->hw.wiphy->max_scan_ie_len) local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len; - WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, - local->hw.n_cipher_schemes)); + if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, + local->hw.n_cipher_schemes))) { + result = -EINVAL; + goto fail_workqueue; + } result = ieee80211_init_cipher_suites(local); if (result < 0) -- 2.30.2
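
Review bot: The new error path at `goto fail_workqueue;` jumps to a label that is not visible in this hunk, so confirm that it unwinds exactly what ieee80211_register_hw() has set up by this point, and that it is the same target used by the `ieee80211_init_cipher_suites()` failure check immediately below. The test also stays wrapped in WARN_ON(), so a driver that passes a bad scheme gets a backtrace with no indication of which entry was rejected. A one-line comment above the `if` would document why registration has to fail here instead of continuing: per the commit message, an invalid scheme such as hdr_len smaller than pn_offs + pn_len leads to an out-of-bounds access in RX validation.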