freebsd-src/sys/net80211
John Baldwin 62863d44bb MF11 361038,361040: Don't dereference various user pointers.

360171:
Don't access a user buffer directly from the kernel.

The handle_string callback for the ENCIOC_SETSTRING ioctl was passing
a user pointer to memcpy().  Fix by using copyin() instead.

For ENCIOC_GETSTRING ioctls, the handler was storing the user pointer
in a CCB's data_ptr field where it was indirected by other code.  Fix
this by allocating a temporary buffer (which ENCIOC_SETSTRING already
did) and copying the result out to the user buffer after the CCB has
been processed.

360179:
Don't pass a user buffer pointer as the data pointer in a CCB.

Allocate a temporary buffer in the kernel to serve as the CCB data
pointer for a pass-through transaction and use copyin/copyout to
shuffle the data to/from the user buffer.

360285:
Don't indirect user pointers directly in two 802.11s ioctls.

IEEE80211_MESH_RTCMD_ADD was invoking memcmp() to validate the
supplied address directly on the user pointer rather than first doing
a copyin() and validating the copied value.

IEEE80211_MESH_RTCMD_DELETE was passing the user pointer directly to
ieee80211_mesh_rt_del() rather than copying the user buffer into a
temporary kernel buffer.

360388:
Don't run strcmp() against strings stored in user memory.

Instead, copy the strings into a temporary buffer on the stack and
run strcmp on the copies.

360818:
Fix a memory leak for ENCIOC_GETSTRING I introduced in r360171.

Approved by:	re (gjb)
2020-05-14 18:50:43 +00:00
_ieee80211.h
ieee80211_acl.c
ieee80211_action.c
ieee80211_action.h
ieee80211_adhoc.c MFC r343990: 2019-03-09 12:54:10 +00:00
ieee80211_adhoc.h
ieee80211_ageq.c
ieee80211_ageq.h
ieee80211_alq.c
ieee80211_alq.h
ieee80211_amrr.c net80211: fix another possible panic for some drivers 2020-04-09 15:30:21 +00:00
ieee80211_amrr.h
ieee80211_crypto_ccmp.c
ieee80211_crypto_none.c
ieee80211_crypto_tkip.c
ieee80211_crypto_wep.c
ieee80211_crypto.c
ieee80211_crypto.h
ieee80211_ddb.c
ieee80211_dfs.c MFC r343683: 2019-02-08 04:48:12 +00:00
ieee80211_dfs.h
ieee80211_freebsd.c
ieee80211_freebsd.h
ieee80211_hostap.c MFC r343990: 2019-03-09 12:54:10 +00:00
ieee80211_hostap.h
ieee80211_ht.c MFC r345252: 2019-04-01 07:54:27 +00:00
ieee80211_ht.h
ieee80211_hwmp.c
ieee80211_input.c
ieee80211_input.h
ieee80211_ioctl.c MFC r343837: 2019-02-10 20:25:45 +00:00
ieee80211_ioctl.h
ieee80211_mesh.c MF11 361038,361040: Don't dereference various user pointers. 2020-05-14 18:50:43 +00:00
ieee80211_mesh.h
ieee80211_monitor.c
ieee80211_monitor.h
ieee80211_node.c
ieee80211_node.h
ieee80211_output.c MFC r359978: 2020-04-27 23:49:13 +00:00
ieee80211_phy.c
ieee80211_phy.h
ieee80211_power.c
ieee80211_power.h
ieee80211_proto.c MFC r343699: 2019-02-17 03:21:42 +00:00
ieee80211_proto.h MFC r343990: 2019-03-09 12:54:10 +00:00
ieee80211_radiotap.c
ieee80211_radiotap.h
ieee80211_ratectl_none.c
ieee80211_ratectl.c
ieee80211_ratectl.h
ieee80211_regdomain.c
ieee80211_regdomain.h
ieee80211_rssadapt.c
ieee80211_rssadapt.h
ieee80211_scan_sta.c MFC r343696: 2019-02-17 03:12:27 +00:00
ieee80211_scan_sw.c
ieee80211_scan_sw.h
ieee80211_scan.c MFC r343696: 2019-02-17 03:12:27 +00:00
ieee80211_scan.h
ieee80211_sta.c MFC r343990: 2019-03-09 12:54:10 +00:00
ieee80211_sta.h
ieee80211_superg.c
ieee80211_superg.h
ieee80211_tdma.c MFC r343699: 2019-02-17 03:21:42 +00:00
ieee80211_tdma.h
ieee80211_var.h MFC r343474: 2019-02-10 21:00:02 +00:00
ieee80211_wds.c MFC r343990: 2019-03-09 12:54:10 +00:00
ieee80211_wds.h
ieee80211_xauth.c
ieee80211.c MFC r343474: 2019-02-10 21:00:02 +00:00
ieee80211.h