From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Berg , Sasha Levin Subject: [PATCH 4.14 207/323] mac80211: bail out if cipher schemes are invalid Date: Thu, 20 May 2021 11:21:39 +0200 Message-Id: <20210520092127.220041893@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210520092120.115153432@linuxfoundation.org> References: <20210520092120.115153432@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg [ Upstream commit db878e27a98106a70315d264cc92230d84009e72 ] If any of the cipher schemes specified by the driver are invalid, bail out and fail the registration rather than just warning. Otherwise, we might later crash when we try to use the invalid cipher scheme, e.g. if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd have an out-of-bounds access in RX validation. Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support") Link: https://lore.kernel.org/r/20210408143149.38a3a13a1b19.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin --- net/mac80211/main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 2136ce3b4489..a24acd0ee788 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -1043,8 +1043,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) if (local->hw.wiphy->max_scan_ie_len) local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len; - WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, - local->hw.n_cipher_schemes)); + if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, + local->hw.n_cipher_schemes))) { + result = -EINVAL; + goto fail_workqueue; + } result = ieee80211_init_cipher_suites(local); if (result < 0) -- 2.30.2
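Review bot: The new error exit at `goto fail_workqueue` is reached only after `local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len;` has already run, so a failed registration leaves that limit reduced unless the unwind path restores it, and these lines do not show that it does. The check takes only the driver-supplied `local->hw.cipher_schemes` and `local->hw.n_cipher_schemes` as input, so consider validating before anything on the wiphy is modified, or confirm that `fail_workqueue` is the right unwind label at this point in ieee80211_register_hw(). Keeping the `WARN_ON` makes the driver bug visible in the log, but the reason for failing hard lives only in the commit message (hdr_len less than pn_offs + pn_len leading to an out-of-bounds access in RX validation); a one-line comment above the `if` saying so would help anyone reading the backport without the changelog.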