diff options
| author | Davis Mosenkovs <davis@mosenkovs.lv> | 2021-07-10 21:37:10 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-07-20 16:21:09 +0200 |
| commit | 54ec4c414cf6cc8ba3eb6bee7452c37da6c00437 (patch) | |
| tree | 190e5b8e0904b79397c7de2ce09315d1aa7e1ea5 /net | |
| parent | 545914a9f926b8b6c9193cdee352c1fa70e6df18 (diff) | |
| download | linux-stable-54ec4c414cf6cc8ba3eb6bee7452c37da6c00437.tar.gz linux-stable-54ec4c414cf6cc8ba3eb6bee7452c37da6c00437.tar.bz2 linux-stable-54ec4c414cf6cc8ba3eb6bee7452c37da6c00437.zip | |
mac80211: fix memory corruption in EAPOL handling
Commit e3d4030498c3 ("mac80211: do not accept/forward invalid EAPOL
frames") uses skb_mac_header() before eth_type_trans() is called
leading to incorrect pointer, the pointer gets written to. This issue
has appeared during backporting to 4.4, 4.9 and 4.14.
Fixes: e3d4030498c3 ("mac80211: do not accept/forward invalid EAPOL frames")
Link: https://lore.kernel.org/r/CAHQn7pKcyC_jYmGyTcPCdk9xxATwW5QPNph=bsZV8d-HPwNsyA@mail.gmail.com
Cc: <stable@vger.kernel.org> # 4.4.x
Signed-off-by: Davis Mosenkovs <davis@mosenkovs.lv>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/mac80211/rx.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 3a069cb188b7..b40e71a5d795 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2380,7 +2380,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx) #endif if (skb) { - struct ethhdr *ehdr = (void *)skb_mac_header(skb); + struct ethhdr *ehdr = (struct ethhdr *)skb->data; /* deliver to local stack */ skb->protocol = eth_type_trans(skb, dev); |