projects / openwrt / staging / blogic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a1264c3) | patch
mac80211: fix tid_agg_rx NULL dereference
authorJohannes Berg <johannes.berg@intel.com>
Tue, 18 Oct 2016 20:12:08 +0000 (23:12 +0300)
committerJohannes Berg <johannes.berg@intel.com>
Wed, 19 Oct 2016 10:11:49 +0000 (12:11 +0200)
commit1c3d185a9a0b136a58e73b02912d593d0303d1da
treed7d51bc5b0057c491393372bb1b21c1479abb99btree | snapshot
parenta1264c3d6c04f0e4e9d447caaa249d6288b01520commit | diff
mac80211: fix tid_agg_rx NULL dereference

On drivers setting the SUPPORTS_REORDERING_BUFFER hardware flag,
we crash when the peer sends an AddBA request while we already
have a session open on the seame TID; this is because on those
drivers, the tid_agg_rx is left NULL even though the session is
valid, and the agg_session_valid bit is set.

To fix this, store the dialog tokens outside the tid_agg_rx to
be able to compare them to the received AddBA request.

Fixes: f89e07d4cf26 ("mac80211: agg-rx: refuse ADDBA Request with timeout update")
Reported-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/agg-rx.c diff | blob | history
net/mac80211/debugfs_sta.c diff | blob | history
net/mac80211/sta_info.h diff | blob | history
John Crispins staging tree