Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d811b3d5 authored by Arik Nemtsov's avatar Arik Nemtsov Committed by Johannes Berg
Browse files

mac80211: fix invalid band deref building preq IEs 



The function building probe-request IEs does not validate the band is
supported before dereferencing it. This can result in a panic when
all bands are traversed, as done during sched-scan start.

Warn when this happens and return an empty probe request. Also fix
sched-scan to not waste memory on unsupported bands.

Signed-off-by: default avatarArik Nemtsov <arik@wizery.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent fd014284

net/mac80211/scan.c

+3 −0
Original line number Diff line number Diff line
@@ -928,6 +928,9 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 
	}



	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {

		if (!local->hw.wiphy->bands[i])

			continue;



		local->sched_scan_ies.ie[i] = kzalloc(2 +

						      IEEE80211_MAX_SSID_LEN +

						      local->scan_ies_len +

net/mac80211/util.c

+2 −0
Original line number Diff line number Diff line
@@ -999,6 +999,8 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, 
	int ext_rates_len;



	sband = local->hw.wiphy->bands[band];

	if (WARN_ON_ONCE(!sband))

		return 0;



	pos = buffer;