From: Johannes Berg
To: linux-wireless@vger.kernel.org
Cc: Johannes Berg, syzbot+cd6135193ba6bb9ad158@syzkaller.appspotmail.com
Subject: [PATCH wireless] wifi: cfg80211: wext: set ssids=NULL for passive scans
Date: Tue, 11 Jun 2024 18:58:16 +0200
Message-ID: <20240611185816.1568ff55ede1.I516eed4993495eee54290364e35535b93857fd5d@changeid>

From: Johannes Berg

In nl80211, we always set the ssids of a scan request to NULL when n_ssids==0 (passive scan). Drivers have relied on this behaviour in the past, so we fixed it in 6 GHz scan requests as well, and added a warning so we'd have assurance the API would always be called that way.

syzbot found that wext doesn't ensure that, so we reach the check and trigger the warning. Fix the wext code to set the ssids pointer to NULL when there are none.

Reported-by: syzbot+cd6135193ba6bb9ad158@syzkaller.appspotmail.com
Fixes: f7a8b10bfd61 ("wifi: cfg80211: fix 6 GHz scan request building")
Signed-off-by: Johannes Berg
---
 net/wireless/scan.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 2f2a3163968a..d7485e26f4fc 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c 
@@ -3493,8 +3493,10 @@ int cfg80211_wext_siwscan(struct net_device *dev, memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); creq->ssids[0].ssid_len = wreq->essid_len; } - if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE) + if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE) { + creq->ssids = NULL; creq->n_ssids = 0; + } } for (i = 0; i < NUM_NL80211_BANDS; i++) -- 2.45.2
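
Review bot: In the `IW_SCAN_TYPE_PASSIVE` branch of cfg80211_wext_siwscan(), the invariant described in the commit message (ssids must be NULL whenever n_ssids is 0) is restored for this one branch only. If any other path through this function can finish with `creq->n_ssids == 0`, it would still reach the warning; normalising once after the block, for example `if (!creq->n_ssids) creq->ssids = NULL;`, would cover every case in one place. A short comment next to `creq->ssids = NULL;` noting that drivers rely on NULL for passive scans would keep a later cleanup from dropping it, and it is worth confirming that the array written by the preceding `memcpy(creq->ssids[0].ssid, ...)` is not a separate allocation that this assignment would orphan.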