github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
4bdd401e8b
linux/net
History
Johannes Berg 30f754e9d9 mac80211: clear sequence/fragment number in QoS-null frames 
commit 864a6040f3 upstream.

Avoid leaking data by sending uninitialized memory and setting an
invalid (non-zero) fragment number (the sequence number is ignored
anyway) by setting the seq_ctrl field to zero.

Fixes: 3f52b7e328 ("mac80211: mesh power save basics")
Fixes: ce662b44ce ("mac80211: send (QoS) Null if no buffered frames")
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-03-23 21:38:12 -07:00
..
9p 9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers 2014-03-06 21:30:03 -08:00
802 net/802/mrp: fix lockdep splat 2013-05-14 13:02:30 -07:00
8021q vlan: Fix header ops passthru when doing TX VLAN offload. 2014-01-15 15:28:49 -08:00
appletalk net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
ax25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
batman-adv batman-adv: set up network coding packet handlers during module init 2013-11-20 12:27:47 -08:00
bluetooth net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
bridge bridge: use spin_lock_bh() in br_multicast_set_hash_max 2014-01-15 15:28:50 -08:00
caif net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
can can: add destructor for self generated skbs 2014-03-06 21:30:03 -08:00
ceph libceph: add function to ensure notifies are complete 2014-01-09 12:24:26 -08:00
core neigh: recompute reachabletime before returning from neigh_periodic_work() 2014-03-23 21:38:10 -07:00
dcb rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
dccp net:dccp: do not report ICMP redirects to user space 2013-10-13 16:08:30 -07:00
decnet decnet: remove duplicated include from dn_table.c 2013-04-07 17:12:01 -04:00
dns_resolver
dsa dsa: fix freeing of sparse port allocation 2013-03-25 12:23:41 -04:00
ethernet net: add ETH_P_802_3_MIN 2013-03-28 01:20:42 -04:00
ieee802154 6lowpan: fix lockdep splats 2014-03-06 21:30:02 -08:00
ipv4 net-tcp: fastopen: fix high order allocations 2014-03-23 21:38:10 -07:00
ipv6 ipv6: ipv6_find_hdr restore prev functionality 2014-03-23 21:38:10 -07:00
ipx net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
irda net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
iucv net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
key net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
l2tp inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions 2013-12-08 07:29:25 -08:00
lapb
llc net: llc: fix use after free in llc_ui_recvmsg 2014-01-15 15:28:50 -08:00
mac80211 mac80211: clear sequence/fragment number in QoS-null frames 2014-03-23 21:38:12 -07:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
netfilter netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper 2014-01-15 15:28:53 -08:00
netlabel netlabel: improve domain mapping validation 2013-05-19 14:49:55 -07:00
netlink net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
nfc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
openvswitch openvswitch: Remove unneeded ovs_netdev_get_ifindex() 2013-04-30 00:19:11 -04:00
packet packet: fix send path when running with proto == 0 2014-01-15 15:28:46 -08:00
phonet inet: prevent leakage of uninitialized memory to user in recv syscalls 2013-12-08 07:29:25 -08:00
rds net: rds: fix per-cpu helper usage 2014-02-06 11:08:16 -08:00
rfkill Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2013-04-22 14:58:14 -04:00
rose net: rose: restore old recvmsg behavior 2014-01-15 15:28:49 -08:00
rxrpc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
sched net_sched: htb: fix a typo in htb_change_class() 2013-10-13 16:08:29 -07:00
sctp net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable 2014-03-23 21:38:11 -07:00
sunrpc SUNRPC: Fix races in xs_nospace() 2014-03-06 21:30:08 -08:00
tipc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
unix net: unix: allow bind to fail on mutex lock 2014-01-15 15:28:48 -08:00
vmw_vsock net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
wimax
wireless radiotap: fix bitmap-end-finding buffer overrun 2014-01-09 12:24:23 -08:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
xfrm xfrm: force a garbage collection after deleting a policy 2013-05-31 17:30:07 -07:00
compat.c x86, x32: Correct invalid use of user timespec in the kernel 2014-02-06 11:08:12 -08:00
Kconfig netlink: kconfig: move mmap i/o into netlink kconfig 2013-05-01 15:02:42 -04:00
Makefile
nonet.c
socket.c net: clamp ->msg_namelen instead of returning an error 2013-12-08 07:29:25 -08:00
sysctl_net.c net: Update the sysctl permissions handler to test effective uid/gid 2013-10-13 16:08:34 -07:00