www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Vladis Dronov <vdronov@redhat.com>
	Tue, 12 Sep 2017 22:21:21 +0000 (00:21 +0200)
committer	Brian Maly <brian.maly@oracle.com>
	Mon, 4 Feb 2019 23:25:41 +0000 (18:25 -0500)
commit	f7b49d15cf9bdf2a312c37f2371bfb949ba6e036
tree	31e6f9ae98e3b876adafbc803e01060fdc45cc5e	tree
parent	c53014e4d7755b33f675e139b8359d94ebe0c04b	commit \| diff

nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes
NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing
NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by
users with CAP_NET_ADMIN privilege and may result in NULL dereference
and a system crash. Add a check for the required attributes presence.
This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit e785fa0a164aa11001cba931367c7f94ffaff888)

Orabug: 29245533
CVE: CVE-2017-12153

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Allen Pais <allen.pais@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>