mac80211: fix a potential NULL access in ieee80211_crypto_hw_decrypt
authorMax Stepanov <Max.Stepanov@intel.com>
Wed, 9 Jul 2014 13:55:32 +0000 (16:55 +0300)
committerJohannes Berg <johannes.berg@intel.com>
Mon, 21 Jul 2014 10:34:08 +0000 (12:34 +0200)
commitaeb136c5b433377324f030b1a50b96eb7a99193b
treecbebda7a6a91bf5e6edc4b48ad3cbe29977288e1
parentfa96aabb6a34eeb86ce6a5e1a3914fe9f106cfcc
mac80211: fix a potential NULL access in ieee80211_crypto_hw_decrypt

The NULL pointer access could happen when ieee80211_crypto_hw_decrypt
is called from ieee80211_rx_h_decrypt with the following condition:
1. rx->key->conf.cipher is not WEP, CCMP, TKIP or AES_CMAC
2. rx->sta is NULL

When ieee80211_crypto_hw_decrypt is called, it verifies
rx->sta->cipher_scheme and it will cause Oops if rx->sta is NULL.

This path adds an addirional rx->sta == NULL verification in
ieee80211_crypto_hw_decrypt for this case.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/wpa.c