← Back to branch summary

~vcs-imports/ipfire/ipfire-2.x

« back to all changes in this revision

Viewing changes to src/patches/linux/linux-5.15-wifi-security-patches-10.patch

  • Committer: Peter Müller
  • Date: 2022-10-17 16:26:19 UTC
  • Revision ID: git-v1:ee2e7db90bf12ab1c028f5f3b955afaf9cdf76f5
Tags: v2.27-core171
linux: Add upstream patches for CVE-2022-4{1674,2719-2722}

https://lists.ipfire.org/pipermail/development/2022-October/014562.html

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/patches/linux/linux-5.15-wifi-security-patches-10.patch
 
1
From 21df3a583e8e03d8f74fa2eedbcd7a2b3f5cabc1 Mon Sep 17 00:00:00 2001
 
2
From: Johannes Berg <johannes.berg@intel.com>
 
3
Date: Thu, 13 Oct 2022 20:15:57 +0200
 
4
Subject: [PATCH] mac80211: move CRC into struct ieee802_11_elems
 
5
 
 
6
commit c6e37ed498f958254b5459253199e816b6bfc52f upstream.
 
7
 
 
8
We're currently returning this value, but to prepare for
 
9
returning the allocated structure, move it into there.
 
10
 
 
11
Link: https://lore.kernel.org/r/20210920154009.479b8ebf999d.If0d4ba75ee38998dc3eeae25058aa748efcb2fc9@changeid
 
12
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
13
Cc: Felix Fietkau <nbd@nbd.name>
 
14
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
15
---
 
16
 net/mac80211/ieee80211_i.h |  9 +++++----
 
17
 net/mac80211/mlme.c        |  9 +++++----
 
18
 net/mac80211/util.c        | 10 +++++-----
 
19
 3 files changed, 15 insertions(+), 13 deletions(-)
 
20
 
 
21
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
 
22
index 4bd55af184b2..5ea38ae65809 100644
 
23
--- a/net/mac80211/ieee80211_i.h
 
24
+++ b/net/mac80211/ieee80211_i.h
 
25
@@ -1532,6 +1532,7 @@ struct ieee80211_csa_ie {
 
26
 struct ieee802_11_elems {
 
27
        const u8 *ie_start;
 
28
        size_t total_len;
 
29
+       u32 crc;
 
30
 
 
31
        /* pointers to IEs */
 
32
        const struct ieee80211_tdls_lnkie *lnk_id;
 
33
@@ -2218,10 +2219,10 @@ static inline void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata,
 
34
        ieee80211_tx_skb_tid(sdata, skb, 7);
 
35
 }
 
36
 
 
37
-u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
 
38
-                              struct ieee802_11_elems *elems,
 
39
-                              u64 filter, u32 crc, u8 *transmitter_bssid,
 
40
-                              u8 *bss_bssid);
 
41
+void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
 
42
+                               struct ieee802_11_elems *elems,
 
43
+                               u64 filter, u32 crc, u8 *transmitter_bssid,
 
44
+                               u8 *bss_bssid);
 
45
 static inline void ieee802_11_parse_elems(const u8 *start, size_t len,
 
46
                                          bool action,
 
47
                                          struct ieee802_11_elems *elems,
 
48
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
 
49
index 1548f532dc1a..4414e82e71d1 100644
 
50
--- a/net/mac80211/mlme.c
 
51
+++ b/net/mac80211/mlme.c
 
52
@@ -4102,10 +4102,11 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
 
53
         */
 
54
        if (!ieee80211_is_s1g_beacon(hdr->frame_control))
 
55
                ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
 
56
-       ncrc = ieee802_11_parse_elems_crc(variable,
 
57
-                                         len - baselen, false, &elems,
 
58
-                                         care_about_ies, ncrc,
 
59
-                                         mgmt->bssid, bssid);
 
60
+       ieee802_11_parse_elems_crc(variable,
 
61
+                                  len - baselen, false, &elems,
 
62
+                                  care_about_ies, ncrc,
 
63
+                                  mgmt->bssid, bssid);
 
64
+       ncrc = elems.crc;
 
65
 
 
66
        if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
 
67
            ieee80211_check_tim(elems.tim, elems.tim_len, bss_conf->aid)) {
 
68
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
 
69
index 00543ea9c6b5..ceb6894381e4 100644
 
70
--- a/net/mac80211/util.c
 
71
+++ b/net/mac80211/util.c
 
72
@@ -1468,10 +1468,10 @@ static size_t ieee802_11_find_bssid_profile(const u8 *start, size_t len,
 
73
        return found ? profile_len : 0;
 
74
 }
 
75
 
 
76
-u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
 
77
-                              struct ieee802_11_elems *elems,
 
78
-                              u64 filter, u32 crc, u8 *transmitter_bssid,
 
79
-                              u8 *bss_bssid)
 
80
+void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
 
81
+                               struct ieee802_11_elems *elems,
 
82
+                               u64 filter, u32 crc, u8 *transmitter_bssid,
 
83
+                               u8 *bss_bssid)
 
84
 {
 
85
        const struct element *non_inherit = NULL;
 
86
        u8 *nontransmitted_profile;
 
87
@@ -1523,7 +1523,7 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
 
88
 
 
89
        kfree(nontransmitted_profile);
 
90
 
 
91
-       return crc;
 
92
+       elems->crc = crc;
 
93
 }
 
94
 
 
95
 void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata,
 
96
-- 
 
97
2.30.2
 
98