summaryrefslogtreecommitdiffstats
path: root/net/wireless
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2024-06-11 18:58:16 +0200
committerJohannes Berg <johannes.berg@intel.com>2024-06-12 10:06:58 +0200
commit0941772342d59e48733131ac3a202fa1a4d832e9 (patch)
tree3957a094d8626437eefce019a6a9fd61629cd368 /net/wireless
parentwifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (diff)
downloadlinux-0941772342d59e48733131ac3a202fa1a4d832e9.tar.xz
linux-0941772342d59e48733131ac3a202fa1a4d832e9.zip
wifi: cfg80211: wext: set ssids=NULL for passive scans
In nl80211, we always set the ssids of a scan request to NULL when n_ssids==0 (passive scan). Drivers have relied on this behaviour in the past, so we fixed it in 6 GHz scan requests as well, and added a warning so we'd have assurance the API would always be called that way. syzbot found that wext doesn't ensure that, so we reach the check and trigger the warning. Fix the wext code to set the ssids pointer to NULL when there are none. Reported-by: syzbot+cd6135193ba6bb9ad158@syzkaller.appspotmail.com Fixes: f7a8b10bfd61 ("wifi: cfg80211: fix 6 GHz scan request building") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless')
-rw-r--r--net/wireless/scan.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 2f2a3163968a..d7485e26f4fc 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -3493,8 +3493,10 @@ int cfg80211_wext_siwscan(struct net_device *dev,
memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
creq->ssids[0].ssid_len = wreq->essid_len;
}
- if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE)
+ if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE) {
+ creq->ssids = NULL;
creq->n_ssids = 0;
+ }
}
for (i = 0; i < NUM_NL80211_BANDS; i++)