
Commit fe100acd authored by Johannes Berg, committed by John W. Linville

cfg80211: fix locking in action frame TX



Accesses to "wdev->current_bss" must be
locked with the wdev lock, which action
frame transmission is missing.

Cc: stable@kernel.org [2.6.33+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
parent a9fda88b
+7 −1
@@ -843,15 +843,21 @@ int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
		return -EINVAL;
	if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
		/* Verify that we are associated with the destination AP */
		wdev_lock(wdev);

		if (!wdev->current_bss ||
		    memcmp(wdev->current_bss->pub.bssid, mgmt->bssid,
			   ETH_ALEN) != 0 ||
		    (wdev->iftype == NL80211_IFTYPE_STATION &&
		     memcmp(wdev->current_bss->pub.bssid, mgmt->da,
			    ETH_ALEN) != 0))
			    ETH_ALEN) != 0)) {
			wdev_unlock(wdev);
			return -ENOTCONN;
		}

		wdev_unlock(wdev);
	}

	if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0)
		return -EINVAL;
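
Review bot: the wdev lock is released by the final `wdev_unlock(wdev)` inside the `WLAN_CATEGORY_PUBLIC` block, so the association check against `wdev->current_bss` is only guaranteed at that instant; the `mgmt->sa` comparison that follows already runs unlocked, and the BSS can change before the frame is handed on. If that window is acceptable, the comment above the check should say it is a best-effort test that may race with a disconnect; if it is not, the lock needs to be held until the frame has been passed down. A smaller style point on the same block: the two `wdev_unlock(wdev)` calls could be reduced to one by storing the result in a local `err`, unlocking once, and returning `err` if it is non-zero, which keeps lock and unlock visibly paired if more conditions are added later.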