diff options
| author | Anant Thazhemadam <[email protected]> | 2020-12-05 03:28:25 +0530 |
|---|---|---|
| committer | Johannes Berg <[email protected]> | 2020-12-11 13:20:04 +0100 |
| commit | 2d9463083ce92636a1bdd3e30d1236e3e95d859e (patch) | |
| tree | 71b70c29817336309d1dacd916265201ba5acf92 /tools/perf/scripts/python/failed-syscalls-by-pid.py | |
| parent | 669b84134a2be14d333d4f82b65943d467404f87 (diff) | |
nl80211: validate key indexes for cfg80211_registered_device
syzbot discovered a bug in which an OOB access was being made because
an unsuitable key_idx value was wrongly considered to be acceptable
while deleting a key in nl80211_del_key().
Since we don't know the cipher at the time of deletion, if
cfg80211_validate_key_settings() were to be called directly in
nl80211_del_key(), even valid keys would be wrongly determined invalid,
and deletion wouldn't occur correctly.
For this reason, a new function - cfg80211_valid_key_idx(), has been
created, to determine if the key_idx value provided is valid or not.
cfg80211_valid_key_idx() is directly called in 2 places -
nl80211_del_key(), and cfg80211_validate_key_settings().
Reported-by: [email protected]
Tested-by: [email protected]
Suggested-by: Johannes Berg <[email protected]>
Signed-off-by: Anant Thazhemadam <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Cc: [email protected]
[also disallow IGTK key IDs if no IGTK cipher is supported]
Signed-off-by: Johannes Berg <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/failed-syscalls-by-pid.py')
0 files changed, 0 insertions, 0 deletions