diff options
author | Stanislaw Gruszka <sgruszka@redhat.com> | 2012-03-29 16:30:41 +0200 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2012-04-10 15:20:28 -0400 |
commit | 88c868c43ba38ac3bab07bab4c45b4bc44c94357 (patch) | |
tree | c56c66967ebb4a33142a54ef94396340656399bf /net | |
parent | 32c5057b22a60b23353dda93c57e475856ca286c (diff) | |
download | op-kernel-dev-88c868c43ba38ac3bab07bab4c45b4bc44c94357.zip op-kernel-dev-88c868c43ba38ac3bab07bab4c45b4bc44c94357.tar.gz |
mac80211: sanity check for null SSID
While associated we should never have empty SSID, but life can be full
of surprises, and is allways better to print a warning than crash.
Before memcpy() in ieee80211_probereq_get() check ssid_len instead of
ssid pointer, sice pointer it always passed by "ssidie + 2" expression
to send probe functions, so practically never can be NULL.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/mac80211/mlme.c | 19 | ||||
-rw-r--r-- | net/mac80211/tx.c | 2 |
2 files changed, 17 insertions, 4 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 93d484c..12ca982 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -1518,9 +1518,16 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) ifmgd->nullfunc_failed = false; ieee80211_send_nullfunc(sdata->local, sdata, 0); } else { + int ssid_len; + ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); - ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0, - (u32) -1, true, false); + if (WARN_ON_ONCE(ssid == NULL)) + ssid_len = 0; + else + ssid_len = ssid[1]; + + ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, + 0, (u32) -1, true, false); } ifmgd->probe_send_count++; @@ -1596,6 +1603,7 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; struct sk_buff *skb; const u8 *ssid; + int ssid_len; if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) return NULL; @@ -1606,8 +1614,13 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, return NULL; ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); + if (WARN_ON_ONCE(ssid == NULL)) + ssid_len = 0; + else + ssid_len = ssid[1]; + skb = ieee80211_build_probe_req(sdata, ifmgd->associated->bssid, - (u32) -1, ssid + 2, ssid[1], + (u32) -1, ssid + 2, ssid_len, NULL, 0, true); return skb; diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 14a01c8..e0b8978 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -2602,7 +2602,7 @@ struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw, pos = skb_put(skb, ie_ssid_len); *pos++ = WLAN_EID_SSID; *pos++ = ssid_len; - if (ssid) + if (ssid_len) memcpy(pos, ssid, ssid_len); pos += ssid_len; |