From: Johannes Berg
To: linux-wireless@vger.kernel.org
Cc: Johannes Berg
Subject: [PATCH] mac80211: bail out if cipher schemes are invalid
Date: Thu, 8 Apr 2021 14:31:50 +0200
Message-Id: <20210408143149.38a3a13a1b19.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid>

From: Johannes Berg

If any of the cipher schemes specified by the driver are invalid, bail out and fail the registration rather than just warning. Otherwise, we might later crash when we try to use the invalid cipher scheme, e.g. if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd have an out-of-bounds access in RX validation.

Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support")
Signed-off-by: Johannes Berg
--- net/mac80211/main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 1b9c82616606..0331f3a3c40e 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -1141,8 +1141,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) if (local->hw.wiphy->max_scan_ie_len) local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len; - WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, - local->hw.n_cipher_schemes)); + if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes, + local->hw.n_cipher_schemes))) { + result = -EINVAL; + goto fail_workqueue; + } result = ieee80211_init_cipher_suites(local); if (result < 0) -- 2.30.2
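
Review bot: The new `goto fail_workqueue` in ieee80211_register_hw() should be checked against the label used by the `ieee80211_init_cipher_suites()` failure directly below it, which the context cuts off at `if (result < 0)`. Both failures occur at the same point in setup, so they should unwind the same resources; if that path uses a different label, say in the commit message why this one differs. Since registration now fails outright, a driver author sees only the WARN_ON backtrace and -EINVAL, so consider logging which entry of `local->hw.cipher_schemes` was rejected, or documenting the new hard failure where cipher schemes are described for drivers.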