linux/net/mac80211
Johannes Berg 4253119acf mac80211: fix two remote exploits
Lennert Buytenhek noticed a remotely triggerable problem
in mac80211, which is due to some code shuffling I did
that ended up changing the order in which things were
done -- this was in

  commit d75636ef9c
  Author: Johannes Berg <johannes@sipsolutions.net>
  Date:   Tue Feb 10 21:25:53 2009 +0100

    mac80211: RX aggregation: clean up stop session

The problem is that the BUG_ON moved before the various
checks, and as such can be triggered.

As the comment indicates, the BUG_ON can be removed since
the ampdu_action callback must already exist when the
state is OPERATIONAL.

A similar code path leads to a WARN_ON in
ieee80211_stop_tx_ba_session, which can also be removed.

Cc: stable@kernel.org [2.6.29+]
Cc: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-11-30 13:52:21 -05:00
aes_ccm.c mac80211: aes_ccm.c remove crypto wrapper and extra args 2008-07-08 14:16:02 -04:00
aes_ccm.h mac80211: pass scratch buffer directly, remove additional pointers 2008-07-08 14:16:02 -04:00
aes_cmac.c mac80211: 802.11w - Add BIP (AES-128-CMAC) 2009-01-29 16:00:02 -05:00
aes_cmac.h mac80211: 802.11w - Add BIP (AES-128-CMAC) 2009-01-29 16:00:02 -05:00
agg-rx.c mac80211: fix two remote exploits 2009-11-30 13:52:21 -05:00
agg-tx.c mac80211: fix two remote exploits 2009-11-30 13:52:21 -05:00
cfg.c mac80211: check interface is down before type change 2009-11-02 15:14:07 -05:00
cfg.h
debugfs_key.c mac80211: 802.11w - Use BIP (AES-128-CMAC) 2009-01-29 16:00:03 -05:00
debugfs_key.h mac80211: 802.11w - Use BIP (AES-128-CMAC) 2009-01-29 16:00:03 -05:00
debugfs_netdev.c mac80211: New stat counters for multicast and unicast forwarded frames 2009-08-20 11:36:04 -04:00
debugfs_netdev.h mac80211: revamp virtual interface handling 2008-07-14 14:30:07 -04:00
debugfs_sta.c mac80211: improve per-sta debugfs 2009-07-10 14:57:54 -04:00
debugfs_sta.h mac80211: RCU-ify STA info structure access 2008-03-06 15:30:46 -05:00
debugfs.c mac80211: remove master netdev 2009-07-24 15:05:30 -04:00
debugfs.h
driver-ops.h mac80211: remove tasklet enable/disable 2009-08-28 14:40:34 -04:00
driver-trace.c mac80211: fix sparse warnings/errors 2009-08-04 16:43:25 -04:00
driver-trace.h mac80211: allow configure_filter callback to sleep 2009-08-20 11:35:58 -04:00
event.c cfg80211: use proper allocation flags 2009-07-10 15:01:49 -04:00
ht.c mac80211: fix reason code output endianness 2009-10-30 15:50:25 -04:00
ibss.c mac80211: fix BSS leak 2009-10-30 15:50:24 -04:00
ieee80211_i.h mac80211: fix resume 2009-11-19 11:08:39 -05:00
iface.c net: Add DEVTYPE support for Ethernet based devices 2009-09-11 12:54:55 -07:00
Kconfig wireless: remove mac80211 rate selection extra menu 2009-09-02 15:29:03 -04:00
key.c mac80211: fix todo lock 2009-07-10 15:01:48 -04:00
key.h nl80211: Add RSC configuration for new keys 2009-05-13 15:44:39 -04:00
led.c mac80211: rename files 2008-04-08 16:44:45 -04:00
led.h mac80211: rename files 2008-04-08 16:44:45 -04:00
main.c mac80211: remove tasklet enable/disable 2009-08-28 14:40:34 -04:00
Makefile cfg80211: self-contained wext handling where possible 2009-07-29 15:46:20 -04:00
mesh_hwmp.c mac80211: trivial: fix spelling in mesh_hwmp 2009-10-27 16:29:47 -04:00
mesh_pathtbl.c mac80211: Move mpath and mpp growth to mesh workqueue. 2009-08-14 09:14:01 -04:00
mesh_plink.c mac80211: Fix invalid length passed to IE parser for PLINK CONFIRM frames 2009-08-14 09:14:06 -04:00
mesh.c mac80211: Update mesh config IE to 11s draft 3.02 2009-08-28 14:40:24 -04:00
mesh.h mac80211: Decouple fail_avg stats used by mesh from rate control algorithm. 2009-08-20 11:36:02 -04:00
michael.c mac80211: remove ieee80211_get_hdr_info 2008-07-08 14:16:01 -04:00
michael.h mac80211: remove ieee80211_get_hdr_info 2008-07-08 14:16:01 -04:00
mlme.c mac80211: keep auth state when assoc fails 2009-10-27 16:29:47 -04:00
pm.c mac80211: fix configure_filter invocation after stop 2009-08-28 14:40:25 -04:00
rate.c mac80211: remove master netdev 2009-07-24 15:05:30 -04:00
rate.h mac80211: rate control status only for controlled packets 2009-03-27 20:13:15 -04:00
rc80211_minstrel_debugfs.c net: file_operations should be const 2009-09-02 01:03:53 -07:00
rc80211_minstrel.c rc80211_minstrel: fix contention window calculation 2009-09-23 11:35:42 -04:00
rc80211_minstrel.h mac80211: Remove unnused throughput field from minstrel_rate. 2009-08-28 14:40:34 -04:00
rc80211_pid_algo.c rc80211_pid_algo.c: remove unused variable declaration 2009-08-20 11:36:03 -04:00
rc80211_pid_debugfs.c headers: remove sched.h from interrupt.h 2009-10-11 11:20:58 -07:00
rc80211_pid.h mac80211/drivers: rewrite the rate control API 2008-10-31 19:00:23 -04:00
rx.c mac80211: document ieee80211_rx() context requirement 2009-10-12 15:55:53 -04:00
scan.c mac80211: fix DTIM setting 2009-09-23 11:35:53 -04:00
spectmgmt.c mac80211: move channel switch code 2009-05-20 14:46:25 -04:00
sta_info.c mac80211: fix vlan and optimise RX 2009-10-07 16:33:49 -04:00
sta_info.h mac80211: fix PS-poll response, race 2009-07-27 15:24:19 -04:00
tkip.c mac80211: add driver ops wrappers 2009-05-06 15:14:37 -04:00
tkip.h mac80211: tkip.c consolidate tkip IV writing in helper 2008-06-14 12:18:13 -04:00
tx.c mac80211: fix for incorrect sequence number on hostapd injected frames 2009-10-27 16:29:48 -04:00
util.c mac80211: fix resume 2009-11-19 11:08:39 -05:00
wep.c cfg80211: rework key operation 2009-07-24 15:05:09 -04:00
wep.h cfg80211: rework key operation 2009-07-24 15:05:09 -04:00
wme.c mac80211: remove master netdev 2009-07-24 15:05:30 -04:00
wme.h mac80211: remove master netdev 2009-07-24 15:05:30 -04:00
wpa.c cfg80211: use proper allocation flags 2009-07-10 15:01:49 -04:00
wpa.h mac80211: 802.11w - Add BIP (AES-128-CMAC) 2009-01-29 16:00:02 -05:00