2010-01-22 17:45:34

by John W. Linville

Subject: [PATCH] mac80211: avoid NULL ptr deref when using WEP

"mac80211: move control.hw_key assignment" changed an if-else into two
separate if statements, but the if-else is needed to prevent
dereferencing a null info->control.hw_key. This fix avoids a lock-up
during association on my machine when using WEP.

Signed-off-by: John W. Linville <[email protected]>
---
net/mac80211/wep.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 0a4c641..5d745f2 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -310,9 +310,8 @@ static int wep_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
tx->key->conf.keylen,
tx->key->conf.keyidx))
return -1;
- }
-
- if (info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) {
+ } else if (info->control.hw_key->flags &
+ IEEE80211_KEY_FLAG_GENERATE_IV) {
if (!ieee80211_wep_add_iv(tx->local, skb,
tx->key->conf.keylen,
tx->key->conf.keyidx))
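Review bot: the dereference in `} else if (info->control.hw_key->flags &` is safe only because of the condition on the preceding `if`, which lies outside the hunk context, so nothing at the point of the dereference shows that hw_key is non-NULL. A one-line comment above the `else if` stating that hw_key is known to be set in this branch, or an explicit `info->control.hw_key &&` in the condition, would keep a later cleanup from splitting the two branches again, which is the regression the commit message describes. The commit message would also be easier to follow up on if it cited the offending change by commit id as well as by subject.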
--
1.6.2.5



2010-01-22 18:45:29

by Johannes Berg

Subject: Re: [PATCH] mac80211: avoid NULL ptr deref when using WEP

On Fri, 2010-01-22 at 12:39 -0500, John W. Linville wrote:
> "mac80211: move control.hw_key assignment" changed an if-else into two
> separate if statements, but the if-else is needed to prevent
> dereferencing a null info->control.hw_key. This fix avoids a lock-up
> during association on my machine when using WEP.

Indeed, good catch, wonder how I arrived at that code.

johannes

> Signed-off-by: John W. Linville <[email protected]>
> ---
> net/mac80211/wep.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
> index 0a4c641..5d745f2 100644
> --- a/net/mac80211/wep.c
> +++ b/net/mac80211/wep.c
> @@ -310,9 +310,8 @@ static int wep_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
> tx->key->conf.keylen,
> tx->key->conf.keyidx))
> return -1;
> - }
> -
> - if (info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) {
> + } else if (info->control.hw_key->flags &
> + IEEE80211_KEY_FLAG_GENERATE_IV) {
> if (!ieee80211_wep_add_iv(tx->local, skb,
> tx->key->conf.keylen,
> tx->key->conf.keyidx))
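Review bot: with the second branch now reading `} else if (info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) {`, a frame that has hw_key set but does not carry IEEE80211_KEY_FLAG_GENERATE_IV passes through neither branch, assuming the preceding `if` (not visible in this hunk) is the hw_key NULL case the commit message implies. If leaving the frame untouched in that case is intended, a short comment after the `else if` block saying so would document the three cases and make the chain easier to audit.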



2010-01-22 21:03:54

by Kalle Valo

Subject: Re: [PATCH] mac80211: avoid NULL ptr deref when using WEP

"John W. Linville" <[email protected]> writes:

> "mac80211: move control.hw_key assignment" changed an if-else into two
> separate if statements, but the if-else is needed to prevent
> dereferencing a null info->control.hw_key. This fix avoids a lock-up
> during association on my machine when using WEP.

Thanks. I was also suffering from this and your patch fixed it.

> Signed-off-by: John W. Linville <[email protected]>

Tested-by: Kalle Valo <[email protected]>

--
Kalle Valo