
Commit a37c5e70 authored by Johannes Berg, committed by Greg Kroah-Hartman

cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()

commit a2083eeb119fb9307258baea9b7c243ca9a2e0b6 upstream.

The SSID pointer is pointing to RCU protected data, so we
need to have it under rcu_read_lock() for the entire use.
Fix this.

Cc: stable@vger.kernel.org
Fixes: 0b8fb823 ("cfg80211: Parsing of Multiple BSSID information in scanning")
Link: https://lore.kernel.org/r/20210930131120.6ddfc603aa1d.I2137344c4e2426525b1a8e4ce5fca82f8ecbfe7e@changeid


Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 590abe5b
+5 −2
@@ -379,13 +379,16 @@ cfg80211_add_nontrans_list(struct cfg80211_bss *trans_bss,
	}
	ssid_len = ssid[1];
	ssid = ssid + 2;
	rcu_read_unlock();

	/* check if nontrans_bss is in the list */
	list_for_each_entry(bss, &trans_bss->nontrans_list, nontrans_list) {
		if (is_bss(bss, nontrans_bss->bssid, ssid, ssid_len))
		if (is_bss(bss, nontrans_bss->bssid, ssid, ssid_len)) {
			rcu_read_unlock();
			return 0;
		}
	}

	rcu_read_unlock();

	/* add to the list */
	list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list);
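
Review bot: the early return in the is_bss() match branch now carries its own rcu_read_unlock(), so one read-side critical section is closed at two separate sites (inside the list_for_each_entry() loop and after it). Any return path added later between `ssid = ssid + 2;` and the final unlock would leave the section open. Consider a single exit: record the match in a local flag, break out of the loop, and unlock once after it. A one-line comment above the loop would also help, stating that ssid still points into RCU-protected data when it is passed to is_bss(), since nothing in the code tells a reader why the unlock cannot sit directly after ssid_len is read.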