cfg80211: check regulatory request alpha2 early
Currently nl80211 allows userspace to send the kernel a bogus regulatory domain with at most 32 rules set and it won't reject it until after its allocated memory. Let's be smart about it and take advantage that the last_request is now available under RTNL and check if the alpha2 matches an expected request and reject any bogus userspace requests prior to hitting the memory allocator. Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
parent
cc493e4f52
commit
e438768ff9
|
@ -5100,6 +5100,9 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!reg_is_valid_request(alpha2))
|
||||
return -EINVAL;
|
||||
|
||||
size_of_regd = sizeof(struct ieee80211_regdomain) +
|
||||
num_rules * sizeof(struct ieee80211_reg_rule);
|
||||
|
||||
|
|
|
@ -450,7 +450,7 @@ static int call_crda(const char *alpha2)
|
|||
return kobject_uevent(®_pdev->dev.kobj, KOBJ_CHANGE);
|
||||
}
|
||||
|
||||
static bool reg_is_valid_request(const char *alpha2)
|
||||
bool reg_is_valid_request(const char *alpha2)
|
||||
{
|
||||
struct regulatory_request *lr = get_last_request();
|
||||
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
|
||||
extern const struct ieee80211_regdomain __rcu *cfg80211_regdomain;
|
||||
|
||||
bool reg_is_valid_request(const char *alpha2);
|
||||
bool is_world_regdom(const char *alpha2);
|
||||
bool reg_supported_dfs_region(u8 dfs_region);
|
||||
|
||||
|
|
Loading…
Reference in New Issue