diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2010-08-09 15:52:03 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-08-26 16:45:48 -0700 |
| commit | 57001f2240b0cba6ec95f460da34c0e81f52b4c2 (patch) | |
| tree | 85ce058043ded5404b971c6370e3f388e7d21fb6 /net/wireless | |
| parent | 19d3c4671fabe2b80e6d449f88dd1822b6be66da (diff) | |
| download | kernel-crypto-57001f2240b0cba6ec95f460da34c0e81f52b4c2.tar.gz kernel-crypto-57001f2240b0cba6ec95f460da34c0e81f52b4c2.tar.xz kernel-crypto-57001f2240b0cba6ec95f460da34c0e81f52b4c2.zip | |
cfg80211: fix locking in action frame TX
commit fe100acddf438591ecf3582cb57241e560da70b7 upstream.
Accesses to "wdev->current_bss" must be
locked with the wdev lock, which action
frame transmission is missing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net/wireless')
| -rw-r--r-- | net/wireless/mlme.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index ef17fcf8509..e4be6887618 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c @@ -842,12 +842,18 @@ int cfg80211_mlme_action(struct cfg80211_registered_device *rdev, return -EINVAL; if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { /* Verify that we are associated with the destination AP */ + wdev_lock(wdev); + if (!wdev->current_bss || memcmp(wdev->current_bss->pub.bssid, mgmt->bssid, ETH_ALEN) != 0 || memcmp(wdev->current_bss->pub.bssid, mgmt->da, - ETH_ALEN) != 0) + ETH_ALEN) != 0) { + wdev_unlock(wdev); return -ENOTCONN; + } + wdev_unlock(wdev); + } if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0) |