summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEliad Peller <eliad@wizery.com>2011-11-24 20:13:56 +0400
committerJohn W. Linville <linville@tuxdriver.com>2011-11-28 22:46:40 +0400
commite007b857e88097c96c45620bf3b04a4e309053d1 (patch)
tree3ebc3353b33539c33e50335c9391f8727e826614
parent82e5fc2a34fa9ffea38f00c4066b7e600a0ca5e6 (diff)
downloadlinux-e007b857e88097c96c45620bf3b04a4e309053d1.tar.xz
nl80211: fix MAC address validation
MAC addresses have a fixed length. The current policy allows passing < ETH_ALEN bytes, which might result in reading beyond the buffer. Cc: stable@vger.kernel.org Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/wireless/nl80211.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index b3a476fe8272..ffafda5022c2 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -89,8 +89,8 @@ static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
- [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
- [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
+ [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
+ [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,