Just a single fix, for a WoWLAN-related part of CVE-2017-13080.
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEExu3sM/nZ1eRSfR9Ha3t4Rpy0AB0FAlnkt7YACgkQa3t4Rpy0 AB3UZg/8CsZr3SeDM1CxLTmDxJ734qq2kcoBo8nJgJqSwIWE5goGXCJSIGQw0o9O X8IF/xKj+Vgqfmxs73dnZM15klkVc9HBOdMdnjayWZZa5h6wKFFVNdjkMsrFxdV8 iugcCaUYCg1/Sc/qq4hBWLe5k3mQa5fB1clr7qykYEfIuY2ORpEJ+P2Uqjb5/RKx ugLO1qdCVMk7kqB/Fc8XKrPdiCgmfaMdz9lTqm1yXDThQe0rNxmWR339YpleqEiA lWIOZ53OlHZ3LTz8YDPcNA7mf5KtK1qQc60kZLygDcy5swvKaSIUaLfYOIjsPLIi 5tJ4tztEPpi5RTMPHkOLCcdGCT2bQ9InCmgSmEwymMbn36vaLuyH+9pfkqgbunUq M1C07VNG9HUi+Qz6mhtbY6ZyG0s1M09rAouCOGo4T9x7YHA73BetvcxYcxhdTm6t vOTDd/xiWM1Dsgc2tu41A+jB3cShi5so/OLE1KcLe4r1cso6+FdR+p5VW6XyRV73 Kbdh39azsdlyK6L+BW6cWCm/DUstourVmOz7mPebE0NW7N8cEhTtvclu0dz1gdKL nBMha+lOBmy2+acU5Z58f6/jG8RCMcyiD+0z9yrZmOmO4OgVyxHXP2GrsQ1d/Qr5 vhBLT1LFxcvJpIlKZy3dqv1lZQ10suwcsFzJG3NsQbczV7Vk9aM= =Iwyf -----END PGP SIGNATURE----- Merge tag 'mac80211-for-davem-2017-10-16' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Just a single fix, for a WoWLAN-related part of CVE-2017-13080. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
1b72bf5a07
|
|
@ -4,7 +4,7 @@
|
||||||
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
|
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
|
||||||
* Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
|
* Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
|
||||||
* Copyright 2013-2014 Intel Mobile Communications GmbH
|
* Copyright 2013-2014 Intel Mobile Communications GmbH
|
||||||
* Copyright 2015 Intel Deutschland GmbH
|
* Copyright 2015-2017 Intel Deutschland GmbH
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License version 2 as
|
* it under the terms of the GNU General Public License version 2 as
|
||||||
|
|
@ -620,9 +620,6 @@ int ieee80211_key_link(struct ieee80211_key *key,
|
||||||
|
|
||||||
pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
|
pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
|
||||||
idx = key->conf.keyidx;
|
idx = key->conf.keyidx;
|
||||||
key->local = sdata->local;
|
|
||||||
key->sdata = sdata;
|
|
||||||
key->sta = sta;
|
|
||||||
|
|
||||||
mutex_lock(&sdata->local->key_mtx);
|
mutex_lock(&sdata->local->key_mtx);
|
||||||
|
|
||||||
|
|
@ -633,6 +630,21 @@ int ieee80211_key_link(struct ieee80211_key *key,
|
||||||
else
|
else
|
||||||
old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
|
old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Silently accept key re-installation without really installing the
|
||||||
|
* new version of the key to avoid nonce reuse or replay issues.
|
||||||
|
*/
|
||||||
|
if (old_key && key->conf.keylen == old_key->conf.keylen &&
|
||||||
|
!memcmp(key->conf.key, old_key->conf.key, key->conf.keylen)) {
|
||||||
|
ieee80211_key_free_unused(key);
|
||||||
|
ret = 0;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
key->local = sdata->local;
|
||||||
|
key->sdata = sdata;
|
||||||
|
key->sta = sta;
|
||||||
|
|
||||||
increment_tailroom_need_count(sdata);
|
increment_tailroom_need_count(sdata);
|
||||||
|
|
||||||
ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
|
ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
|
||||||
|
|
@ -648,6 +660,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
mutex_unlock(&sdata->local->key_mtx);
|
mutex_unlock(&sdata->local->key_mtx);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue