summaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@nbd.name>2023-03-30 11:00:01 +0200
committerJohannes Berg <johannes.berg@intel.com>2023-03-30 11:13:53 +0200
commita16fc38315f2c69c520ee769976ecb9c706b8560 (patch)
tree6536ecfdf67fe8cf1109054106e1a0bd74b2d030 /net/mac80211
parentwifi: mac80211: drop bogus static keywords in A-MSDU rx (diff)
downloadlinux-a16fc38315f2c69c520ee769976ecb9c706b8560.tar.xz
linux-a16fc38315f2c69c520ee769976ecb9c706b8560.zip
wifi: mac80211: fix potential null pointer dereference
rx->sta->amsdu_mesh_control is being passed to ieee80211_amsdu_to_8023s without checking rx->sta. Since it doesn't make sense to accept A-MSDU packets without a sta, simply add a check earlier. Fixes: 6e4c0d0460bd ("wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU") Signed-off-by: Felix Fietkau <nbd@nbd.name> Link: https://lore.kernel.org/r/20230330090001.60750-2-nbd@nbd.name Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/rx.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 9353616b528f..78351895c3c6 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2930,7 +2930,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx, u8 data_offset)
data_offset, true))
return RX_DROP_UNUSABLE;
- if (rx->sta && rx->sta->amsdu_mesh_control < 0) {
+ if (rx->sta->amsdu_mesh_control < 0) {
bool valid_std = ieee80211_is_valid_amsdu(skb, true);
bool valid_nonstd = ieee80211_is_valid_amsdu(skb, false);
@@ -3006,7 +3006,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
}
}
- if (is_multicast_ether_addr(hdr->addr1))
+ if (is_multicast_ether_addr(hdr->addr1) || !rx->sta)
return RX_DROP_UNUSABLE;
if (rx->key) {