mirror of
git://git.openwrt.org/openwrt/openwrt.git
synced 2025-10-30 21:44:27 -04:00
26f400210d
This mainly affects scanning and beacon parsing, especially with MBSSID enabled Fixes: CVE-2022-41674 Fixes: CVE-2022-42719 Fixes: CVE-2022-42720 Fixes: CVE-2022-42721 Fixes: CVE-2022-42722 Signed-off-by: Felix Fietkau <nbd@nbd.name>
32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
From: Johannes Berg <johannes.berg@intel.com>
|
|
Date: Wed, 5 Oct 2022 15:10:09 +0200
|
|
Subject: [PATCH] wifi: mac80211_hwsim: avoid mac80211 warning on bad
|
|
rate
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
commit 1833b6f46d7e2830251a063935ab464256defe22 upstream.
|
|
|
|
If the tool on the other side (e.g. wmediumd) gets confused
|
|
about the rate, we hit a warning in mac80211. Silence that
|
|
by effectively duplicating the check here and dropping the
|
|
frame silently (in mac80211 it's dropped with the warning).
|
|
|
|
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
|
|
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
|
|
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
---
|
|
|
|
--- a/drivers/net/wireless/mac80211_hwsim.c
|
|
+++ b/drivers/net/wireless/mac80211_hwsim.c
|
|
@@ -3760,6 +3760,8 @@ static int hwsim_cloned_frame_received_n
|
|
|
|
rx_status.band = channel->band;
|
|
rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]);
|
|
+ if (rx_status.rate_idx >= data2->hw->wiphy->bands[rx_status.band]->n_bitrates)
|
|
+ goto out;
|
|
rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]);
|
|
|
|
hdr = (void *)skb->data;
|