AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-16 20:36:22 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
1310c7a482
linux_dsm_epyc7002/net
History
Johannes Berg d16c5dfe93 wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 
commit 5122565188bae59d507d90a9a9fd2fd6107f4439 upstream.

Since cfg80211 doesn't implement commit, we never really cared about
that code there (and it's configured out w/o CONFIG_WIRELESS_EXT).
After all, since it has no commit, it shouldn't return -EIWCOMMIT to
indicate commit is needed.

However, EIWCOMMIT is actually an alias for EINPROGRESS, which _can_
happen if e.g. we try to change the frequency but we're already in
the process of connecting to some network, and drivers could return
that value (or even cfg80211 itself might).

This then causes us to crash because dev->wireless_handlers is NULL
but we try to check dev->wireless_handlers->standard[0].

Fix this by also checking dev->wireless_handlers. Also simplify the
code a little bit.

Cc: stable@vger.kernel.org
Reported-by: syzbot+444248c79e117bc99f46@syzkaller.appspotmail.com
Reported-by: syzbot+8b2a88a09653d4084179@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20210121171621.2076e4a37d5a.I5d9c72220fe7bb133fb718751da0180a57ecba4e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-03 23:28:38 +01:00
..
6lowpan
9p
802
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:16:55 +01:00
appletalk
atm net: atm: fix update of position index in lec_seq_next 2020-10-31 12:26:30 -07:00
ax25
batman-adv batman-adv: Don't always reallocate the fragmentation skb head 2020-11-27 08:02:55 +01:00
bluetooth Bluetooth: Fix attempting to set RPA timeout when unsupported 2021-01-09 13:46:23 +01:00
bpf bpf: Reject too big ctx_size_in for raw_tp test run 2021-01-27 11:55:07 +01:00
bpfilter
bridge bridge: Fix a deadlock when enabling multicast snooping 2020-12-07 17:14:43 -08:00
caif
can can: isotp: isotp_getname(): fix kernel information leak 2021-01-17 14:17:05 +01:00
ceph
core net: core: devlink: use right genl user_ptr when handling port param get/set 2021-01-27 11:55:26 +01:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 16:04:01 +01:00
dccp tcp: fix race condition when creating child sockets from syncookies 2020-11-23 16:32:33 -08:00
decnet
dns_resolver
dsa net: dsa: unbind all switches from tree when DSA master unbinds 2021-01-23 16:04:05 +01:00
ethernet
ethtool ethtool: fix string set id check 2021-01-06 14:56:48 +01:00
hsr
ieee802154
ife
ipv4 tcp: Fix potential use-after-free due to double kfree() 2021-01-27 11:55:28 +01:00
ipv6 ipv6: set multicast flag on the multicast route 2021-01-27 11:55:24 +01:00
iucv net/af_iucv: set correct sk_protocol for child sockets 2020-11-21 14:43:45 -08:00
kcm
key
l2tp
l3mdev
lapb
llc
mac80211 mac80211: check if atf has been disabled in __ieee80211_schedule_txq 2021-01-23 16:04:04 +01:00
mac802154
mpls mpls: load mpls_gso after mpls_iptunnel 2020-10-20 21:16:45 -07:00
mptcp mptcp: fix security context on server socket 2021-01-06 14:56:48 +01:00
ncsi net/ncsi: Use real net-device for response handler 2021-01-12 20:18:10 +01:00
netfilter netfilter: nf_nat: Fix memleak in nf_nat_init 2021-01-19 18:27:33 +01:00
netlabel netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() 2020-11-14 12:07:57 -08:00
netlink
netrom
nfc
nsh
openvswitch openvswitch: fix error return code in validate_and_copy_dec_ttl() 2020-12-04 15:43:14 -08:00
packet net/packet: fix packet receive on L3 devices without visible hard header 2020-11-23 17:29:36 -08:00
phonet
psample
qrtr
rds RDMA: Add rdma_connect_locked() 2020-10-28 09:14:49 -03:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-12 09:18:06 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-11-20 10:04:58 -08:00
rxrpc rxrpc: Fix handling of an unsupported token type in rxrpc_read() 2021-01-23 16:04:03 +01:00
sched net_sched: reject silly cell_log in qdisc_get_rtab() 2021-01-27 11:55:24 +01:00
sctp sctp: change to hold/put transport for proto_unreach_timer 2020-11-14 11:57:12 -08:00
smc net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() 2020-11-19 10:59:19 -08:00
strparser
sunrpc SUNRPC: Handle TCP socket sends with kernel_sendpage() again 2021-01-27 11:54:57 +01:00
switchdev
tipc tipc: fix NULL deref in tipc_link_xmit() 2021-01-23 16:04:00 +01:00
tls net/tls: Protect from calling tls_dev_del for TLS RX twice 2020-11-25 17:31:06 -08:00
unix
vmw_vsock vsock/virtio: discard packets only when socket is really closed 2020-11-23 16:36:29 -08:00
wimax
wireless wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-02-03 23:28:38 +01:00
x25 net/x25: prevent a couple of overflows 2020-12-02 17:26:36 -08:00
xdp xsk: Clear pool even for inactive queues 2021-01-27 11:55:10 +01:00
xfrm net: xfrm: fix memory leak in xfrm_user_policy() 2020-11-10 09:14:25 +01:00
compat.c
devres.c
Kconfig
Makefile
socket.c
sysctl_net.c