diff mbox series

[10/15] mac80211: bail out if cipher schemes are invalid

Message ID iwlwifi.20210409123755.381cfb3f1dc1.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid
State New
Headers show
Series cfg80211/mac80211 patches from our internal tree 2021-04-09 | expand

Commit Message

Luca Coelho April 9, 2021, 9:40 a.m. UTC
From: Johannes Berg <johannes.berg@intel.com>

If any of the cipher schemes specified by the driver are invalid, bail
out and fail the registration rather than just warning.  Otherwise, we
might later crash when we try to use the invalid cipher scheme, e.g.
if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd
have an out-of-bounds access in RX validation.

Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 net/mac80211/main.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index f27aed37ed2b..ba624cb250b3 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1137,8 +1137,11 @@  int ieee80211_register_hw(struct ieee80211_hw *hw)
 	if (local->hw.wiphy->max_scan_ie_len)
 		local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len;
 
-	WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes,
-					 local->hw.n_cipher_schemes));
+	if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes,
+					     local->hw.n_cipher_schemes))) {
+		result = -EINVAL;
+		goto fail_workqueue;
+	}
 
 	result = ieee80211_init_cipher_suites(local);
 	if (result < 0)