superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net
History
Johannes Berg a74e893f30 wifi: mac80211: fix MLE defragmentation 
If either reconf or EPCS multi-link element (MLE) is contained in
a non-transmitted profile, the defragmentation routine is called
with a pointer to the defragmented copy, but the original elements.

This is incorrect for two reasons:
 - if the original defragmentation was needed, it will not find the
   correct data
 - if the original frame is at a higher address, the parsing will
   potentially overrun the heap data (though given the layout of
   the buffers, only into the new defragmentation buffer, and then
   it has to stop and fail once that's filled with copied data.

Fix it by tracking the container along with the pointer and in
doing so also unify the two almost identical defragmentation
routines.

Fixes: 4d70e9c548 ("wifi: mac80211: defragment reconfiguration MLE when parsing")
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Link: https://patch.msgid.link/20260508091031.8a6c34613178.I4de16ebbce2d27f2f8f98fc49949c7a376c2fe8d@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		2026-05-20 11:19:52 +02:00
..
6lowpan
9p 9p/trans_xen: replace simple_strto* with kstrtouint 2026-04-16 02:57:01 +00:00
802 Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
8021q 8021q: delete cleared egress QoS mappings 2026-04-23 12:13:57 +02:00
appletalk Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
atm net: remove unused ATM protocols and legacy ATM device drivers 2026-04-23 12:21:14 -07:00
batman-adv Here are two batman-adv bugfixes: 2026-04-08 18:50:27 -07:00
bluetooth Bluetooth: HIDP: serialise l2cap_unregister_user via hidp_session_sem 2026-05-06 16:27:53 -04:00
bpf bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb 2026-04-12 15:42:57 -07:00
bridge Delete some obsolete networking code 2026-04-24 09:41:58 -07:00
can Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
ceph libceph: Fix slab-out-of-bounds access in auth message processing 2026-04-22 01:40:23 +02:00
core net: prevent possible UAF in rtnl_prop_list_size() 2026-05-04 19:24:27 -07:00
dcb Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
devlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
dns_resolver net: Add SPDX ids to some source files 2026-03-09 18:32:45 -07:00
dsa net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops 2026-04-16 19:10:48 -07:00
ethernet bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
ethtool ethtool: strset: check nla_len overflow 2026-04-12 11:23:50 -07:00
handshake treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
hsr net: hsr: emit notification for PRP slave2 changed hw addr on port deletion 2026-04-07 17:06:16 +02:00
ieee802154 net: remove addr_len argument of recvmsg() handlers 2026-03-02 18:17:17 -08:00
ife
ipv4 ipmr: Call ipmr_fib_lookup() under RCU. 2026-05-07 08:38:37 -07:00
ipv6 tcp: Fix dst leak in tcp_v6_connect(). 2026-05-07 08:39:15 -07:00
iucv net/iucv: Add missing kernel-doc return value descriptions 2026-03-31 20:14:56 -07:00
kcm kcm: fix zero-frag skb in frag_list on partial sendmsg error 2026-02-23 17:26:55 -08:00
key vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
l3mdev
lapb treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
llc llc: Return -EINPROGRESS from llc_ui_connect() 2026-04-23 11:40:39 -07:00
mac80211 wifi: mac80211: fix MLE defragmentation 2026-05-20 11:19:52 +02:00
mac802154 bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
mctp net: mctp: test: Use dev_direct_xmit for TX to our test device 2026-04-30 13:36:47 -07:00
mpls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-02 11:03:13 -07:00
mptcp mptcp: pm: prio: skip closed subflows 2026-05-06 18:16:45 -07:00
ncsi net: ncsi: fix skb leak in error paths 2026-03-06 17:34:48 -08:00
netfilter ipvs: Guard access of HK_TYPE_KTHREAD cpumask with RCU 2026-05-05 01:52:55 +02:00
netlabel Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
netlink Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
nfc NFC: digital: Bounds check NFC-A cascade depth in SDD response handler 2026-04-12 11:40:45 -07:00
nsh
openvswitch openvswitch: vport: fix self-deadlock on release of tunnel ports 2026-05-05 15:19:37 +02:00
packet net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() 2026-04-22 20:16:34 -07:00
phonet net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind 2026-04-27 18:45:17 -07:00
psample treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
psp psp: strip variable-length PSP header in psp_dev_rcv() 2026-05-04 19:25:14 -07:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
rds net/rds: handle zerocopy send cleanup before the message is queued 2026-05-05 15:32:40 +02:00
rfkill net: rfkill: prevent unlimited numbers of rfkill events from being created 2026-04-07 12:35:04 +02:00
rxrpc rxrpc: Fix error handling in rxgk_extract_token() 2026-04-23 14:29:16 -07:00
sched net/sched: sch_sfq: annotate data-races from sfq_dump_class_stats() 2026-05-06 17:46:05 -07:00
sctp sctp: discard stale INIT after handshake completion 2026-04-28 17:52:19 -07:00
shaper net: shaper: protect from late creation of hierarchy 2026-03-19 13:47:15 +01:00
smc net/smc: fix missing sk_err when TCP handshake fails 2026-05-07 08:36:34 -07:00
strparser net: strparser: fix skb_head leak in strp_abort_strp() 2026-04-14 12:37:00 +02:00
sunrpc NFS client updates for Linux 7.1 2026-04-24 14:20:03 -07:00
switchdev bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
tipc Including fixes from Netfilter. 2026-04-23 16:50:42 -07:00
tls net: tls: fix silent data drop under pipe back-pressure 2026-05-02 18:27:14 -07:00
unix af_unix: Reject SIOCATMARK on non-stream sockets 2026-05-07 08:36:02 -07:00
vmw_vsock vsock/virtio: fix potential unbounded skb queue 2026-05-04 19:12:37 -07:00
wireless wifi: cfg80211: advance loop vars in cfg80211_merge_profile() 2026-05-08 09:20:03 +02:00
x25 vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
xdp xsk: fix u64 descriptor address truncation on 32-bit architectures 2026-05-05 19:27:51 -07:00
xfrm xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete 2026-04-29 11:27:34 +02:00
Kconfig net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
Kconfig.debug
Makefile net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
compat.c
devres.c
socket.c Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
sysctl_net.c