mac80211: bail out if cipher schemes are invalid

If any of the cipher schemes specified by the driver are invalid, bail out and fail the registration rather than just warning. Otherwise, we might later crash when we try to use the invalid cipher scheme, e.g. if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd have an out-of-bounds access in RX validation. Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support") Link: https://lore.kernel.org/r/20210408143149.38a3a13a1b19.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2021-04-08 14:31:50 +0200
committer: Johannes Berg <johannes.berg@intel.com> 2021-04-08 15:32:48 +0200
commit: db878e27a98106a70315d264cc92230d84009e72 (patch)
tree: 8603111f6c5337e61dec142d0af0d225477e6686 /net/mac80211
parent: d6843d1ee283137723b4a8c76244607ce6db1951 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 1b9c82616606..0331f3a3c40e 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1141,8 +1141,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
 	if (local->hw.wiphy->max_scan_ie_len)
 		local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len;
 
-	WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes,
-					 local->hw.n_cipher_schemes));
+	if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes,
+					     local->hw.n_cipher_schemes))) {
+		result = -EINVAL;
+		goto fail_workqueue;
+	}
 
 	result = ieee80211_init_cipher_suites(local);
 	if (result < 0)
author	Johannes Berg <johannes.berg@intel.com>	2021-04-08 14:31:50 +0200
committer	Johannes Berg <johannes.berg@intel.com>	2021-04-08 15:32:48 +0200
commit	db878e27a98106a70315d264cc92230d84009e72 (patch)
tree	8603111f6c5337e61dec142d0af0d225477e6686 /net/mac80211
parent	d6843d1ee283137723b4a8c76244607ce6db1951 (diff)