Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

ath6kl: Fix invalid pointer access on fuzz testing with AP mode

In our Fuz testing, reference client corrupts the dest mac to "00:00:00:00:00:00"
in the WPA2 handshake no 2. During driver init the sta_list entries mac
addresses are by default "00:00:00:00:00:00". Driver returns an invalid
pointer (conn) and the drver shall crash, if rxtids (aggr_conn)
skb queues are accessed, since they would not be initialized.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Mohammed Shafi Shajakhan 12 years ago
parent
f32036e823
commit
9d0e2f0772
1 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      drivers/net/wireless/ath/ath6kl/main.c

+ 3 - 0
drivers/net/wireless/ath/ath6kl/main.c
View File 

@@ -29,6 +29,9 @@ struct ath6kl_sta *ath6kl_find_sta(struct ath6kl_vif *vif, u8 *node_addr)
 
 	struct ath6kl_sta *conn = NULL;
 
 	u8 i, max_conn;
 
 
+	if (is_zero_ether_addr(node_addr))
 
+		return NULL;
 
+
 
 	max_conn = (vif->nw_type == AP_NETWORK) ? AP_MAX_NUM_STA : 0;
 
 
 	for (i = 0; i < max_conn; i++) {