mac80211: bail out if cipher schemes are invalid
authorJohannes Berg <johannes.berg@intel.com>
Thu, 8 Apr 2021 12:31:50 +0000 (14:31 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 22 May 2021 08:40:27 +0000 (10:40 +0200)
commit7a26eae77767a388da2987e3947ceb5524976e12
tree9c3de35d2a357b4022c665fc97da5ee8725c7da8
parent01ffcc8ac1f51630021fd0805b995e003e9f89c4
mac80211: bail out if cipher schemes are invalid

[ Upstream commit db878e27a98106a70315d264cc92230d84009e72 ]

If any of the cipher schemes specified by the driver are invalid, bail
out and fail the registration rather than just warning.  Otherwise, we
might later crash when we try to use the invalid cipher scheme, e.g.
if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd
have an out-of-bounds access in RX validation.

Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support")
Link: https://lore.kernel.org/r/20210408143149.38a3a13a1b19.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/mac80211/main.c