git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3eadd75)
mac80211: fix HT information element parsing
authorJohannes Berg <johannes@sipsolutions.net>
Tue, 7 Oct 2008 17:31:17 +0000 (19:31 +0200)
committerJohn W. Linville <linville@tuxdriver.com>
Wed, 15 Oct 2008 00:47:15 +0000 (20:47 -0400)
There's no checking that the HT IEs are of the right length
which can be used by an attacker to cause an out-of-bounds
access by sending a too short HT information/capability IE.
Fix it by simply pretending those IEs didn't exist when too
short.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/mac80211/ieee80211_i.h patch | blob | history
net/mac80211/mlme.c patch | blob | history
net/mac80211/util.c patch | blob | history

diff --cc net/mac80211/ieee80211_i.h
Simple merge
diff --cc net/mac80211/mlme.c
Simple merge
diff --cc net/mac80211/util.c
Simple merge
Pandora Kernel Repository