diff options
author | Johannes Berg <johannes.berg@intel.com> | 2012-11-05 20:27:57 +0100 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2012-11-07 18:01:39 +0100 |
commit | 41c97a2032e753d7975828c51b23b570dc6f9b0d (patch) | |
tree | 6de866bd4f98224d1f4f9b6797f436d1c8620512 | |
parent | mac80211: use mac_pton (diff) | |
download | linux-41c97a2032e753d7975828c51b23b570dc6f9b0d.tar.xz linux-41c97a2032e753d7975828c51b23b570dc6f9b0d.zip |
mac80211: fix race in TKIP MIC test debugfs file
Accessing sdata->vif.bss_conf.bssid without any
protection here is racy, use u.mgd.associated
instead and lock the correct mutex for it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r-- | net/mac80211/debugfs_netdev.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c index 4b68ec770bdd..99ce871bfcf9 100644 --- a/net/mac80211/debugfs_netdev.c +++ b/net/mac80211/debugfs_netdev.c @@ -284,13 +284,16 @@ static ssize_t ieee80211_if_parse_tkip_mic_test( case NL80211_IFTYPE_STATION: fc |= cpu_to_le16(IEEE80211_FCTL_TODS); /* BSSID SA DA */ - if (sdata->vif.bss_conf.bssid == NULL) { + mutex_lock(&sdata->u.mgd.mtx); + if (!sdata->u.mgd.associated) { + mutex_unlock(&sdata->u.mgd.mtx); dev_kfree_skb(skb); return -ENOTCONN; } - memcpy(hdr->addr1, sdata->vif.bss_conf.bssid, ETH_ALEN); + memcpy(hdr->addr1, sdata->u.mgd.associated->bssid, ETH_ALEN); memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN); memcpy(hdr->addr3, addr, ETH_ALEN); + mutex_unlock(&sdata->u.mgd.mtx); break; default: dev_kfree_skb(skb); |