mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-09-18 22:14:16 +00:00
312ca38ddd
This function was modified to support the information element extension
case (WLAN_EID_EXTENSION) in a manner that would result in an infinite
loop when going through set of IEs that include WLAN_EID_RIC_DATA and
contain an IE that is in the after_ric array. The only place where this
can currently happen is in mac80211 ieee80211_send_assoc() where
ieee80211_ie_split_ric() is called with after_ric[].
This can be triggered by valid data from user space nl80211
association/connect request (i.e., requiring GENL_UNS_ADMIN_PERM). The
only known application having an option to include WLAN_EID_RIC_DATA in
these requests is wpa_supplicant and it had a bug that prevented this
specific contents from being used (and because of that, not triggering
this kernel bug in an automated test case ap_ft_ric) and now that this
bug is fixed, it has a workaround to avoid this kernel issue.
WLAN_EID_RIC_DATA is currently used only for testing purposes, so this
does not cause significant harm for production use cases.
Fixes:
|
||
|---|---|---|
| .. | ||
| certs | ||
| .gitignore | ||
| ap.c | ||
| chan.c | ||
| core.c | ||
| core.h | ||
| debugfs.c | ||
| debugfs.h | ||
| ethtool.c | ||
| ibss.c | ||
| Kconfig | ||
| lib80211.c | ||
| lib80211_crypt_ccmp.c | ||
| lib80211_crypt_tkip.c | ||
| lib80211_crypt_wep.c | ||
| Makefile | ||
| mesh.c | ||
| mlme.c | ||
| nl80211.c | ||
| nl80211.h | ||
| ocb.c | ||
| of.c | ||
| radiotap.c | ||
| rdev-ops.h | ||
| reg.c | ||
| reg.h | ||
| scan.c | ||
| sme.c | ||
| sysfs.c | ||
| sysfs.h | ||
| trace.c | ||
| trace.h | ||
| util.c | ||
| wext-compat.c | ||
| wext-compat.h | ||
| wext-core.c | ||
| wext-priv.c | ||
| wext-proc.c | ||
| wext-sme.c | ||
| wext-spy.c | ||