mac80211: sanity check for null SSID

While associated we should never have empty SSID, but life can be full
of surprises, and is allways better to print a warning than crash.

Before memcpy() in ieee80211_probereq_get() check ssid_len instead of
ssid pointer, sice pointer it always passed by "ssidie + 2" expression
to send probe functions, so practically never can be NULL.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Stanislaw Gruszka 2012-03-29 16:30:41 +02:00 committed by John W. Linville
parent 32c5057b22
commit 88c868c43b
2 changed files with 17 additions and 4 deletions

View file

@ -1518,9 +1518,16 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
ifmgd->nullfunc_failed = false; ifmgd->nullfunc_failed = false;
ieee80211_send_nullfunc(sdata->local, sdata, 0); ieee80211_send_nullfunc(sdata->local, sdata, 0);
} else { } else {
int ssid_len;
ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0, if (WARN_ON_ONCE(ssid == NULL))
(u32) -1, true, false); ssid_len = 0;
else
ssid_len = ssid[1];
ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
0, (u32) -1, true, false);
} }
ifmgd->probe_send_count++; ifmgd->probe_send_count++;
@ -1596,6 +1603,7 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
struct sk_buff *skb; struct sk_buff *skb;
const u8 *ssid; const u8 *ssid;
int ssid_len;
if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
return NULL; return NULL;
@ -1606,8 +1614,13 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
return NULL; return NULL;
ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
if (WARN_ON_ONCE(ssid == NULL))
ssid_len = 0;
else
ssid_len = ssid[1];
skb = ieee80211_build_probe_req(sdata, ifmgd->associated->bssid, skb = ieee80211_build_probe_req(sdata, ifmgd->associated->bssid,
(u32) -1, ssid + 2, ssid[1], (u32) -1, ssid + 2, ssid_len,
NULL, 0, true); NULL, 0, true);
return skb; return skb;

View file

@ -2602,7 +2602,7 @@ struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
pos = skb_put(skb, ie_ssid_len); pos = skb_put(skb, ie_ssid_len);
*pos++ = WLAN_EID_SSID; *pos++ = WLAN_EID_SSID;
*pos++ = ssid_len; *pos++ = ssid_len;
if (ssid) if (ssid_len)
memcpy(pos, ssid, ssid_len); memcpy(pos, ssid, ssid_len);
pos += ssid_len; pos += ssid_len;