github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
bfbf76dca7
linux/net
History
Luciano Coelho 946ea1c993 nl80211: fix check for valid SSID size in scan operations 
commit 208c72f4fe upstream.

In both trigger_scan and sched_scan operations, we were checking for
the SSID length before assigning the value correctly.  Since the
memory was just kzalloc'ed, the check was always failing and SSID with
over 32 characters were allowed to go through.

This was causing a buffer overflow when copying the actual SSID to the
proper place.

This bug has been there since 2.6.29-rc4.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-06-23 15:24:06 -07:00
..
9p 9p: strlen() doesn't count the terminator 2010-08-10 10:20:39 -07:00
802
8021q vlan: Fix register_vlan_dev() error path 2009-11-17 06:45:04 -08:00
appletalk Have atalk_route_packet() return NET_RX_SUCCESS not NET_XMIT_SUCCESS 2009-09-14 17:02:47 -07:00
atm atm: expose ATM device index in sysfs 2011-06-23 15:24:04 -07:00
ax25 net: ax25: fix information leak to userland harder 2011-04-22 08:44:31 -07:00
bluetooth Bluetooth: bnep: fix buffer overflow 2011-04-14 16:53:33 -07:00
bridge bridge: netfilter: fix information leak 2011-04-14 16:53:32 -07:00
can can: add missing socket check in can/raw release 2011-05-09 15:55:42 -07:00
core gro: reset skb_iif on reuse 2011-04-14 16:53:41 -07:00
dcb net: fix double skb free in dcbnl 2009-09-26 20:16:15 -07:00
dccp dccp: handle invalid feature options length 2011-05-23 11:20:15 -07:00
decnet DECnet: don't leak uninitialized stack byte 2010-12-09 13:27:03 -08:00
dsa netdev: convert pseudo-devices to netdev_tx_t 2009-09-01 01:13:07 -07:00
econet econet: fix CVE-2010-3848 2011-05-09 15:55:33 -07:00
ethernet
ieee802154 net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
ipv4 udp: Fix bogus UFO packet generation 2011-05-09 15:54:51 -07:00
ipv6 netfilter: nf_conntrack_reasm: properly handle packets fragmented into a single fragment 2011-06-23 15:24:05 -07:00
ipx net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
irda irda: prevent integer underflow in IRLMP_ENUMDEVICES 2011-04-14 16:53:54 -07:00
iucv net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
key net: file_operations should be const 2009-09-02 01:03:53 -07:00
lapb net: remove NET_RX_BAD and NET_RX_CN* defines 2009-07-05 19:15:35 -07:00
llc net/llc: make opt unsigned in llc_ui_setsockopt() 2010-09-26 17:21:24 -07:00
mac80211 mac80211: Add define for TX headroom reserved by mac80211 itself. 2011-05-09 15:55:22 -07:00
netfilter netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values 2011-03-14 14:29:58 -07:00
netlabel Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-30 19:22:43 -07:00
netlink netlink: fix compat recvmsg 2010-08-26 16:41:55 -07:00
netrom ax25: netrom: rose: Fix timer oopses 2010-02-09 04:50:56 -08:00
packet net: packet: fix information leak to userland 2011-04-14 16:53:46 -07:00
phonet Phonet: device notifier only runs on initial namespace 2011-05-09 15:55:39 -07:00
rds net: fix rds_iovec page count overflow 2011-04-22 08:44:32 -07:00
rfkill Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2009-11-23 14:01:47 -08:00
rose ROSE: prevent heap corruption with bad facilities 2011-04-14 16:53:27 -07:00
rxrpc net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
sched sched: Fix softirq time accounting 2011-02-17 15:37:24 -08:00
sctp sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set 2011-04-14 16:53:44 -07:00
sunrpc SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change callback... 2011-06-23 15:24:05 -07:00
tipc net: tipc: fix information leak to userland 2011-04-14 16:53:50 -07:00
unix af_unix: limit unix_tot_inflight 2011-05-09 15:55:36 -07:00
wanrouter headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
wimax
wireless nl80211: fix check for valid SSID size in scan operations 2011-06-23 15:24:06 -07:00
x25 x25: Do not reference freed memory. 2011-03-02 09:47:07 -05:00
xfrm net: file_operations should be const 2009-09-02 01:03:53 -07:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-12-09 13:27:13 -08:00
Kconfig net/compat/wext: send different messages to compat tasks 2009-07-15 08:53:39 -07:00
Makefile net: remove redundant sched/ in net/Makefile 2009-07-12 20:11:14 -07:00
nonet.c
socket.c net: Truncate recvfrom and sendto length to INT_MAX. 2010-12-09 13:27:12 -08:00
sysctl_net.c
TUNABLE