microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/net/mac80211
История
Lorenzo Bianconi 3e8f7abcc3 wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration 
Fix possible out-of-bound access in ieee80211_get_rate_duration routine
as reported by the following UBSAN report:

UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47
index 15 is out of range for type 'u16 [12]'
CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic
Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017
Workqueue: mt76 mt76u_tx_status_data [mt76_usb]
Call Trace:
 <TASK>
 show_stack+0x4e/0x61
 dump_stack_lvl+0x4a/0x6f
 dump_stack+0x10/0x18
 ubsan_epilogue+0x9/0x43
 __ubsan_handle_out_of_bounds.cold+0x42/0x47
ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]
 ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]
 ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]
 ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]
 mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]
 mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]
 mt76u_tx_status_data+0x67/0xd0 [mt76_usb]
 process_one_work+0x225/0x400
 worker_thread+0x50/0x3e0
 ? process_one_work+0x400/0x400
 kthread+0xe9/0x110
 ? kthread_complete_and_exit+0x20/0x20
 ret_from_fork+0x22/0x30

Fixes: db3e1c40cf ("mac80211: Import airtime calculation code from mt76")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		2022-11-25 12:45:53 +01:00
..
Kconfig
Makefile
aead_api.c
aead_api.h
aes_ccm.h
aes_cmac.c
aes_cmac.h
aes_gcm.h
aes_gmac.c
aes_gmac.h
agg-rx.c
agg-tx.c
airtime.c wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration 2022-11-25 12:45:53 +01:00
cfg.c
chan.c
debug.h
debugfs.c
debugfs.h
debugfs_key.c
debugfs_key.h
debugfs_netdev.c
debugfs_netdev.h
debugfs_sta.c
debugfs_sta.h
driver-ops.c
driver-ops.h
eht.c
ethtool.c
fils_aead.c
fils_aead.h
he.c
ht.c
ibss.c
ieee80211_i.h wifi: mac80211: fix MBSSID parsing use-after-free 2022-10-10 09:50:23 +02:00
iface.c wifi: mac80211: netdev compatible TX stop for iTXQ drivers 2022-10-07 14:48:14 +02:00
key.c
key.h
led.c
led.h
link.c
main.c wifi: mac80211: fix memory free error when registering wiphy fail 2022-10-21 12:34:59 +02:00
mesh.c
mesh.h
mesh_hwmp.c
mesh_pathtbl.c wifi: mac80211: Fix ack frame idr leak when mesh has no route 2022-11-02 09:48:11 +01:00
mesh_plink.c
mesh_ps.c
mesh_sync.c
michael.c
michael.h
mlme.c wifi: mac80211: remove/avoid misleading prints 2022-10-07 14:40:33 +02:00
ocb.c
offchannel.c
pm.c
rate.c
rate.h
rc80211_minstrel_ht.c treewide: use get_random_bytes() when possible 2022-10-11 17:42:58 -06:00
rc80211_minstrel_ht.h
rc80211_minstrel_ht_debugfs.c
rx.c Merge branch 'cve-fixes-2022-10-13' 2022-10-13 11:59:56 +02:00
s1g.c wifi: mac80211: Set TWT Information Frame Disabled bit as 1 2022-11-02 09:50:40 +01:00
scan.c treewide: use get_random_{u8,u16}() when possible, part 1 2022-10-11 17:42:58 -06:00
spectmgmt.c
sta_info.c
sta_info.h
status.c
tdls.c
tkip.c
tkip.h
trace.c
trace.h
trace_msg.h
tx.c wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit() 2022-11-02 09:46:11 +01:00
util.c Merge branch 'cve-fixes-2022-10-13' 2022-10-13 11:59:56 +02:00
vht.c
wep.c
wep.h
wme.c
wme.h
wpa.c
wpa.h