Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 88c868c4 authored by Stanislaw Gruszka's avatar Stanislaw Gruszka Committed by John W. Linville
Browse files

mac80211: sanity check for null SSID 



While associated we should never have empty SSID, but life can be full
of surprises, and is allways better to print a warning than crash.

Before memcpy() in ieee80211_probereq_get() check ssid_len instead of
ssid pointer, sice pointer it always passed by "ssidie + 2" expression
to send probe functions, so practically never can be NULL.

Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 32c5057b

net/mac80211/mlme.c

+16 −3
Original line number Diff line number Diff line
@@ -1518,9 +1518,16 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 
		ifmgd->nullfunc_failed = false;

		ieee80211_send_nullfunc(sdata->local, sdata, 0);

	} else {

		int ssid_len;



		ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);

		ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0,

					 (u32) -1, true, false);

		if (WARN_ON_ONCE(ssid == NULL))

			ssid_len = 0;

		else

			ssid_len = ssid[1];



		ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,

					 0, (u32) -1, true, false);

	}



	ifmgd->probe_send_count++;
@@ -1596,6 +1603,7 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 
	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;

	struct sk_buff *skb;

	const u8 *ssid;

	int ssid_len;



	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))

		return NULL;
@@ -1606,8 +1614,13 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 
		return NULL;



	ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);

	if (WARN_ON_ONCE(ssid == NULL))

		ssid_len = 0;

	else

		ssid_len = ssid[1];



	skb = ieee80211_build_probe_req(sdata, ifmgd->associated->bssid,

					(u32) -1, ssid + 2, ssid[1],

					(u32) -1, ssid + 2, ssid_len,

					NULL, 0, true);



	return skb;

net/mac80211/tx.c

+1 −1
Original line number Diff line number Diff line
@@ -2602,7 +2602,7 @@ struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw, 
	pos = skb_put(skb, ie_ssid_len);

	*pos++ = WLAN_EID_SSID;

	*pos++ = ssid_len;

	if (ssid)

	if (ssid_len)

		memcpy(pos, ssid, ssid_len);

	pos += ssid_len;