Commit a16fc383 authored by Felix Fietkau's avatar Felix Fietkau Committed by Johannes Berg

wifi: mac80211: fix potential null pointer dereference

rx->sta->amsdu_mesh_control is being passed to ieee80211_amsdu_to_8023s
without checking rx->sta. Since it doesn't make sense to accept A-MSDU
packets without a sta, simply add a check earlier.

Fixes: 6e4c0d04 ("wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU")
Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20230330090001.60750-2-nbd@nbd.nameSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 4d78e032
...@@ -2930,7 +2930,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx, u8 data_offset) ...@@ -2930,7 +2930,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx, u8 data_offset)
data_offset, true)) data_offset, true))
return RX_DROP_UNUSABLE; return RX_DROP_UNUSABLE;
if (rx->sta && rx->sta->amsdu_mesh_control < 0) { if (rx->sta->amsdu_mesh_control < 0) {
bool valid_std = ieee80211_is_valid_amsdu(skb, true); bool valid_std = ieee80211_is_valid_amsdu(skb, true);
bool valid_nonstd = ieee80211_is_valid_amsdu(skb, false); bool valid_nonstd = ieee80211_is_valid_amsdu(skb, false);
...@@ -3006,7 +3006,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) ...@@ -3006,7 +3006,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
} }
} }
if (is_multicast_ether_addr(hdr->addr1)) if (is_multicast_ether_addr(hdr->addr1) || !rx->sta)
return RX_DROP_UNUSABLE; return RX_DROP_UNUSABLE;
if (rx->key) { if (rx->key) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment