diff options
author | John W. Linville <linville@tuxdriver.com> | 2013-06-19 20:50:44 +0200 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2013-06-19 20:50:44 +0200 |
commit | 2f2a8846d51ed7342603a8d7c196fcc9e2f8a319 (patch) | |
tree | 16fc241ce3b45e787dad98fbf4e79ab790519c0a /net | |
parent | brcmfmac: free primary net_device when brcmf_bus_start() fails (diff) | |
parent | nl80211: fix attrbuf access race by allocating a separate one (diff) | |
download | linux-2f2a8846d51ed7342603a8d7c196fcc9e2f8a319.tar.xz linux-2f2a8846d51ed7342603a8d7c196fcc9e2f8a319.zip |
Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
Diffstat (limited to 'net')
-rw-r--r-- | net/wireless/nl80211.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index d5aed3bb3945..b14b7e3cb6e6 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -1564,12 +1564,17 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) struct cfg80211_registered_device *dev; s64 filter_wiphy = -1; bool split = false; - struct nlattr **tb = nl80211_fam.attrbuf; + struct nlattr **tb; int res; + /* will be zeroed in nlmsg_parse() */ + tb = kmalloc(sizeof(*tb) * (NL80211_ATTR_MAX + 1), GFP_KERNEL); + if (!tb) + return -ENOMEM; + mutex_lock(&cfg80211_mutex); res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, - tb, nl80211_fam.maxattr, nl80211_policy); + tb, NL80211_ATTR_MAX, nl80211_policy); if (res == 0) { split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP]; if (tb[NL80211_ATTR_WIPHY]) @@ -1583,6 +1588,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) netdev = dev_get_by_index(sock_net(skb->sk), ifidx); if (!netdev) { mutex_unlock(&cfg80211_mutex); + kfree(tb); return -ENODEV; } if (netdev->ieee80211_ptr) { @@ -1593,6 +1599,7 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) dev_put(netdev); } } + kfree(tb); list_for_each_entry(dev, &cfg80211_rdev_list, list) { if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) |