author | Justin M. Forbes <jforbes@fedoraproject.org> | 2017-09-13 14:16:59 -0700 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2017-09-13 14:16:59 -0700 |
commit | 1cea4bfbc911fc3948ae8256b55657576eb03f7d (patch) | |
tree | 4ae37935c124d5b5d0c4acc872b0a493cf744b7c /nl80211-check-for-the-required-netlink-attributes-presence.patch | |
parent | 3d3fae962bbc6b7cf9da36dd3bf6c691ad1848f2 (diff) | |
download | kernel-1cea4bfbc911fc3948ae8256b55657576eb03f7d.tar.gz kernel-1cea4bfbc911fc3948ae8256b55657576eb03f7d.tar.xz kernel-1cea4bfbc911fc3948ae8256b55657576eb03f7d.zip |
Fix CVE-2017-12154 CVE-2017-12153 CVE-2017-1000251
Diffstat (limited to 'nl80211-check-for-the-required-netlink-attributes-presence.patch')
-rw-r--r-- | nl80211-check-for-the-required-netlink-attributes-presence.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/nl80211-check-for-the-required-netlink-attributes-presence.patch b/nl80211-check-for-the-required-netlink-attributes-presence.patch new file mode 100644 index 000000000..3b52fae87 --- /dev/null +++ b/nl80211-check-for-the-required-netlink-attributes-presence.patch 
@@ -0,0 +1,46 @@ +From patchwork Tue Sep 12 22:21:21 2017 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: nl80211: check for the required netlink attributes presence +From: Vladis Dronov <vdronov@redhat.com> +X-Patchwork-Id: 9950281 +Message-Id: <20170912222121.5032-1-vdronov@redhat.com> +To: Johannes Berg <johannes.berg@intel.com>, + Johannes Berg <johannes@sipsolutions.net>, + linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org +Cc: Vladis Dronov <vdronov@redhat.com>, "# v3 . 1-rc1" <stable@vger.kernel.org> +Date: Wed, 13 Sep 2017 00:21:21 +0200 + +nl80211_set_rekey_data() does not check if the required attributes +NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing +NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by +users with CAP_NET_ADMIN privilege and may result in NULL dereference +and a system crash. Add a check for the required attributes presence. +This patch is based on the patch by bo Zhang. + +This fixes CVE-2017-12153. + +References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046 +Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload") +Cc: <stable@vger.kernel.org> # v3.1-rc1 +Reported-by: bo Zhang <zhangbo5891001@gmail.com> +Signed-off-by: Vladis Dronov <vdronov@redhat.com> +--- + net/wireless/nl80211.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c +index 0df8023..fbd5593 100644 +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -10903,6 +10903,9 @@ static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) + if (err) + return err; + ++ if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] || ++ !tb[NL80211_REKEY_DATA_KCK]) ++ return -EINVAL; + if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) + return -ERANGE; + if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) |
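Review bot: In the net/wireless/nl80211.c hunk, the new presence check runs straight into the existing nla_len() length checks with no blank line and no comment, so the ordering requirement (the NULL test on tb[] must come before any nla_len(tb[...]) call) is easy to lose in a later refactor; a one-line comment above `if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||` stating that all three attributes are mandatory would make that explicit. Two smaller points on the carried patch file: the `Fixes: e5497d766ad` tag has 11 hex characters where kernel convention asks for at least 12, and the file is a patchwork export (`X-Patchwork-Id: 9950281`) rather than an upstream commit, so it is worth noting the upstream commit id once the fix is merged so the patch can be dropped on the next rebase. The package commit message lists three CVEs while this file states only "This fixes CVE-2017-12153", so the mapping of each CVE to its patch file should be recorded where the patch is applied.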