diff options
author | Luis R. Rodriguez <mcgrof@do-not-panic.com> | 2013-11-05 09:18:01 -0800 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2013-11-25 20:51:02 +0100 |
commit | e438768ff9b22c83a968e14b79e8c83128e8bfe4 (patch) | |
tree | 956366ad035f64af8965c3a737eaa74598d1e1b6 /net/wireless/nl80211.c | |
parent | cc493e4f5296f4da111f25ea4a216bb77270ccc6 (diff) | |
download | lwn-e438768ff9b22c83a968e14b79e8c83128e8bfe4.tar.gz lwn-e438768ff9b22c83a968e14b79e8c83128e8bfe4.zip |
cfg80211: check regulatory request alpha2 early
Currently nl80211 allows userspace to send the kernel
a bogus regulatory domain with at most 32 rules set
and it won't reject it until after its allocated
memory. Let's be smart about it and take advantage
that the last_request is now available under RTNL
and check if the alpha2 matches an expected request
and reject any bogus userspace requests prior to
hitting the memory allocator.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless/nl80211.c')
-rw-r--r-- | net/wireless/nl80211.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 04fa8bb1b4bb..7b73132910b7 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -5100,6 +5100,9 @@ static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) return -EINVAL; } + if (!reg_is_valid_request(alpha2)) + return -EINVAL; + size_of_regd = sizeof(struct ieee80211_regdomain) + num_rules * sizeof(struct ieee80211_reg_rule); |