kernel-fxtec-pro1x/net/mac80211
Johannes Berg cd87a2d3a3 mac80211: fix use-after-free
commit 8c0c709eea
Author: Johannes Berg <johannes@sipsolutions.net>
Date:   Wed Nov 25 17:46:15 2009 +0100

    mac80211: move cmntr flag out of rx flags

moved the CMTR flag into the skb's status, and
in doing so introduced a use-after-free -- when
the skb has been handed to cooked monitors the
status setting will touch now invalid memory.

Additionally, moving it there has effectively
discarded the optimisation -- since the bit is
only ever set on freed SKBs, and those were a
copy, it could never be checked.

For the current release, fixing this properly
is a bit too involved, so let's just remove the
problematic code and leave userspace with one
copy of each frame for each virtual interface.

Cc: stable@kernel.org [2.6.33+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-24 15:21:55 -04:00
..
aes_ccm.c
aes_ccm.h
aes_cmac.c
aes_cmac.h
agg-rx.c mac80211: update aggregation documentation 2010-06-14 15:39:28 -04:00
agg-tx.c mac80211: update aggregation documentation 2010-06-14 15:39:28 -04:00
cfg.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2010-07-29 14:47:07 -04:00
cfg.h
chan.c mac80211: make a function static 2010-05-28 13:41:27 -04:00
debugfs.c mac80211: reduce debugfs code size 2010-06-03 14:14:41 -04:00
debugfs.h net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
debugfs_key.c mac80211: Use a separate CCMP PN receive counter for management frames 2010-06-15 16:00:49 -04:00
debugfs_key.h
debugfs_netdev.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2010-04-15 16:21:34 -04:00
debugfs_netdev.h mac80211: reduce reliance on netdev 2009-12-21 18:38:52 -05:00
debugfs_sta.c mac80211: make TX aggregation start/stop request async 2010-06-14 15:39:27 -04:00
debugfs_sta.h
driver-ops.h mac80211: add basic tracing to drv_get_survey 2010-06-29 14:51:23 -04:00
driver-trace.c
driver-trace.h mac80211: add basic tracing to drv_get_survey 2010-06-29 14:51:23 -04:00
event.c
ht.c mac80211: skip HT parsing if HW does not support HT 2010-07-16 14:03:42 -04:00
ibss.c mac80211: proper IBSS locking 2010-07-21 15:13:42 -04:00
ieee80211_i.h mac80211: allow drivers to request DTIM period 2010-07-29 12:55:00 -04:00
iface.c mac80211: set carrier on for monitor interfaces on ieee80211_open 2010-07-20 16:02:58 -04:00
Kconfig mac82011: Allow selection of minstrel_ht as default rc algorithm 2010-06-30 15:00:53 -04:00
key.c mac80211: Fix key freeing to handle unlinked keys 2010-07-27 14:59:58 -04:00
key.h mac80211: Fix key freeing to handle unlinked keys 2010-07-27 14:59:58 -04:00
led.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
led.h
main.c mac80211: delete work timer 2010-08-30 16:02:34 -04:00
Makefile mac80211: add the minstrel_ht rate control algorithm 2010-06-02 16:12:59 -04:00
mesh.c mac80211: pull mgmt frame rx into rx handler 2010-06-14 15:39:26 -04:00
mesh.h mac80211: pull mgmt frame rx into rx handler 2010-06-14 15:39:26 -04:00
mesh_hwmp.c mac80211: use common work struct 2010-06-14 15:38:17 -04:00
mesh_pathtbl.c mac80211: use common work struct 2010-06-14 15:38:17 -04:00
mesh_plink.c mac80211: avoid scheduling while atomic in mesh_rx_plink_frame 2010-06-24 15:42:30 -04:00
michael.c
michael.h
mlme.c mac80211: allow drivers to request DTIM period 2010-07-29 12:55:00 -04:00
offchannel.c mac80211: Fixed netif_tx_wake_all_queues in IBSS mode 2010-01-15 16:58:28 -05:00
pm.c mac80211: use common work struct 2010-06-14 15:38:17 -04:00
rate.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rate.h mac80211: add the minstrel_ht rate control algorithm 2010-06-02 16:12:59 -04:00
rc80211_minstrel.c minstrel: don't complain about feedback for unrequested rates 2010-07-26 15:09:04 -04:00
rc80211_minstrel.h minstrel: make the rate control ops reusable from another rc implementation 2010-03-10 17:44:23 -05:00
rc80211_minstrel_debugfs.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
rc80211_minstrel_ht.c mac80211: freeing the wrong variable 2010-07-26 15:32:41 -04:00
rc80211_minstrel_ht.h minstrel_ht: move minstrel_mcs_groups declaration to header file 2010-06-24 15:42:18 -04:00
rc80211_minstrel_ht_debugfs.c minstrel_ht: move minstrel_mcs_groups declaration to header file 2010-06-24 15:42:18 -04:00
rc80211_pid.h
rc80211_pid_algo.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rc80211_pid_debugfs.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rx.c mac80211: fix use-after-free 2010-09-24 15:21:55 -04:00
scan.c mac80211: fix scan locking wrt. hw scan 2010-08-04 15:27:36 -04:00
spectmgmt.c mac80211: reduce reliance on netdev 2009-12-21 18:38:52 -05:00
sta_info.c mac80211: Fix key freeing to handle unlinked keys 2010-07-27 14:59:58 -04:00
sta_info.h mac80211: fix the for_each_sta_info macro 2010-06-28 15:16:20 -04:00
status.c mac80211: use netif_receive_skb in ieee80211_tx_status callpath 2010-06-28 15:14:51 -04:00
tkip.c mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
tkip.h mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
tx.c mac80211: Put some code under MESH macro 2010-07-28 16:24:01 -04:00
util.c mac80211: Don't set per-BSS QoS for monitor interfaces 2010-07-26 15:32:42 -04:00
wep.c mac80211: improve error checking if WEP fails to init 2010-07-16 14:03:42 -04:00
wep.h mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
wme.c mac80211: fix-up build breakage in 2.6.33 2010-01-06 15:35:49 -05:00
wme.h mac80211: fix skb buffering issue 2010-01-05 16:21:40 -05:00
work.c mac80211: allow drivers to request DTIM period 2010-07-29 12:55:00 -04:00
wpa.c mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
wpa.h