diff options
| author | Felix Fietkau <nbd@nbd.name> | 2023-03-30 12:00:01 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-08-29 18:30:55 +0300 |
| commit | 8ac387eb54f1c0eb014d7483ed9a9682ead0e80c (patch) | |
| tree | 2823e4fd86c3d6d37a98839cadef33db059f7881 /net/mac80211/rx.c | |
| parent | 44fb2d41522f88b5c7b8a3cc87873ae4bae29d6b (diff) | |
| download | linux-8ac387eb54f1c0eb014d7483ed9a9682ead0e80c.tar.xz | |
wifi: mac80211: fix potential null pointer dereference
commit a16fc38315f2c69c520ee769976ecb9c706b8560 upstream.
rx->sta->amsdu_mesh_control is being passed to ieee80211_amsdu_to_8023s
without checking rx->sta. Since it doesn't make sense to accept A-MSDU
packets without a sta, simply add a check earlier.
Fixes: 6e4c0d0460bd ("wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20230330090001.60750-2-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/mac80211/rx.c')
| -rw-r--r-- | net/mac80211/rx.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index c1711f2b2aff..b6077a97af1d 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2938,7 +2938,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx, u8 data_offset) data_offset, true)) return RX_DROP_UNUSABLE; - if (rx->sta && rx->sta->amsdu_mesh_control < 0) { + if (rx->sta->amsdu_mesh_control < 0) { bool valid_std = ieee80211_is_valid_amsdu(skb, true); bool valid_nonstd = ieee80211_is_valid_amsdu(skb, false); @@ -3014,7 +3014,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) } } - if (is_multicast_ether_addr(hdr->addr1)) + if (is_multicast_ether_addr(hdr->addr1) || !rx->sta) return RX_DROP_UNUSABLE; if (rx->key) { |