26f400210d
This mainly affects scanning and beacon parsing, especially with MBSSID enabled Fixes: CVE-2022-41674 Fixes: CVE-2022-42719 Fixes: CVE-2022-42720 Fixes: CVE-2022-42721 Fixes: CVE-2022-42722 Signed-off-by: Felix Fietkau <nbd@nbd.name>
From: Johannes Berg <johannes.berg@intel.com>
Date: Mon, 20 Sep 2021 15:40:08 +0200
Subject: [PATCH] mac80211: move CRC into struct ieee802_11_elems
commit c6e37ed498f958254b5459253199e816b6bfc52f upstream.
We're currently returning this value, but to prepare for
returning the allocated structure, move it into there.
Link: https://lore.kernel.org/r/20210920154009.479b8ebf999d.If0d4ba75ee38998dc3eeae25058aa748efcb2fc9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
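--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1530,6 +1530,7 @@ struct ieee80211_csa_ie {
 struct ieee802_11_elems {
 const u8 *ie_start;
 size_t total_len;
+ u32 crc;
 
 /* pointers to IEs */
 const struct ieee80211_tdls_lnkie *lnk_id;
@@ -2089,10 +2090,10 @@ static inline void ieee80211_tx_skb(stru
 ieee80211_tx_skb_tid(sdata, skb, 7);
 }
 
-u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
- struct ieee802_11_elems *elems,
- u64 filter, u32 crc, u8 *transmitter_bssid,
- u8 *bss_bssid);
+void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
+ struct ieee802_11_elems *elems,
+ u64 filter, u32 crc, u8 *transmitter_bssid,
+ u8 *bss_bssid);
 static inline void ieee802_11_parse_elems(const u8 *start, size_t len,
 bool action,
 struct ieee802_11_elems *elems,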
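Review bot: The new `u32 crc;` member of `struct ieee802_11_elems` has no comment, and once the second hunk changes the prototype of `ieee802_11_parse_elems_crc()` from `u32` to `void`, the header no longer tells a caller where the result is delivered. The function still takes a parameter named `crc`, so a reader sees an input and an output with the same name and nothing stating how they relate. I would add a comment above the member along the lines of `/* CRC result, stored by ieee802_11_parse_elems_crc(); input seed is its crc argument */`, with the wording checked against the function body, most of which is outside this diff. Both the struct and the inline `ieee802_11_parse_elems()` wrapper continue past the hunk, so how the wrapper's callers are expected to treat the field cannot be checked from here.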
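--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -4102,10 +4102,11 @@ static void ieee80211_rx_mgmt_beacon(str
 */
 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
- ncrc = ieee802_11_parse_elems_crc(variable,
- len - baselen, false, &elems,
- care_about_ies, ncrc,
- mgmt->bssid, bssid);
+ ieee802_11_parse_elems_crc(variable,
+ len - baselen, false, &elems,
+ care_about_ies, ncrc,
+ mgmt->bssid, bssid);
+ ncrc = elems.crc;
 
 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
 ieee80211_check_tim(elems.tim, elems.tim_len, bss_conf->aid)) {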
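Review bot: `ncrc = elems.crc;` is only meaningful if `ieee802_11_parse_elems_crc()` stores the field on every path, and nothing in this hunk or in the new `void` prototype guarantees that. The store is the last statement of the function in the final util.c hunk, but the body between its declarations and the `kfree()` is outside the diff. An early return there, now or in a later backport, would leave whatever consumes `ncrc` further down working on a stale or zeroed value, and the compiler would no longer complain as it did for the old `u32` return. It is worth checking the full function and adding a line above the store in util.c such as `/* must be reached on every path: callers read elems->crc */`. `elems` and `ncrc` are declared outside this hunk, so their initial values cannot be confirmed from here.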
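--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1469,10 +1469,10 @@ static size_t ieee802_11_find_bssid_prof
 return found ? profile_len : 0;
 }
 
-u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
- struct ieee802_11_elems *elems,
- u64 filter, u32 crc, u8 *transmitter_bssid,
- u8 *bss_bssid)
+void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
+ struct ieee802_11_elems *elems,
+ u64 filter, u32 crc, u8 *transmitter_bssid,
+ u8 *bss_bssid)
 {
 const struct element *non_inherit = NULL;
 u8 *nontransmitted_profile;
@@ -1524,7 +1524,7 @@ u32 ieee802_11_parse_elems_crc(const u8
 
 kfree(nontransmitted_profile);
 
- return crc;
+ elems->crc = crc;
 }
 
 void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata,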