Skip to content
Commit aeb136c5 authored by Max Stepanov's avatar Max Stepanov Committed by Johannes Berg
Browse files

mac80211: fix a potential NULL access in ieee80211_crypto_hw_decrypt 



The NULL pointer access could happen when ieee80211_crypto_hw_decrypt
is called from ieee80211_rx_h_decrypt with the following condition:
1. rx->key->conf.cipher is not WEP, CCMP, TKIP or AES_CMAC
2. rx->sta is NULL

When ieee80211_crypto_hw_decrypt is called, it verifies
rx->sta->cipher_scheme and it will cause Oops if rx->sta is NULL.

This path adds an addirional rx->sta == NULL verification in
ieee80211_crypto_hw_decrypt for this case.

Signed-off-by: default avatarMax Stepanov <Max.Stepanov@intel.com>
Signed-off-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent fa96aabb
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment