Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / e30922bd0c3d24c27f457a64997ed4a47161621e^! / . / net / wireless
commite30922bd0c3d24c27f457a64997ed4a47161621e[log] [tgz]
authorEliad Peller <eliad@wizery.com>Thu Nov 24 18:13:56 2011 +0200
committerGreg Kroah-Hartman <gregkh@suse.de>Fri Dec 09 08:52:31 2011 -0800
tree984963799d06d4a9bf0516feaea890068305ca94
parent2e72634a130dcac5d9e88e9187d7eab6c0ea8713 [diff]
nl80211: fix MAC address validation

commit e007b857e88097c96c45620bf3b04a4e309053d1 upstream.

MAC addresses have a fixed length. The current
policy allows passing < ETH_ALEN bytes, which
might result in reading beyond the buffer.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>


diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 3dac76f..0c2b808 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c

@@ -83,8 +83,8 @@
 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
 
-	[NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
-	[NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
+	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
+	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
 
 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,