Revision bf30ca922a0c0176007e074b0acc77ed345e9990 authored by Johannes Berg on 11 May 2021, 18:02:48 UTC, committed by Johannes Berg on 11 May 2021, 18:13:45 UTC
As pointed out by Mathy Vanhoef, we implement the RX PN check on fragmented frames incorrectly - we check against the last received PN prior to the new frame, rather than to the one in this frame itself. Prior patches addressed the security issue here, but in order to be able to reason better about the code, fix it to really compare against the current frame's PN, not the last stored one. Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210511200110.bfbc340ff071.Id0b690e581da7d03d76df90bb0e3fd55930bc8a0@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1 parent 3a11ce0
| File | Mode | Size |
|---|---|---|
| Documentation | ||
| LICENSES | ||
| arch | ||
| block | ||
| certs | ||
| crypto | ||
| drivers | ||
| fs | ||
| include | ||
| init | ||
| ipc | ||
| kernel | ||
| lib | ||
| mm | ||
| net | ||
| samples | ||
| scripts | ||
| security | ||
| sound | ||
| tools | ||
| usr | ||
| virt | ||
| .clang-format | -rw-r--r-- | 16.4 KB |
| .cocciconfig | -rw-r--r-- | 59 bytes |
| .get_maintainer.ignore | -rw-r--r-- | 71 bytes |
| .gitattributes | -rw-r--r-- | 62 bytes |
| .gitignore | -rw-r--r-- | 1.9 KB |
| .mailmap | -rw-r--r-- | 19.3 KB |
| COPYING | -rw-r--r-- | 496 bytes |
| CREDITS | -rw-r--r-- | 98.6 KB |
| Kbuild | -rw-r--r-- | 1.3 KB |
| Kconfig | -rw-r--r-- | 555 bytes |
| MAINTAINERS | -rw-r--r-- | 587.9 KB |
| Makefile | -rw-r--r-- | 64.1 KB |
| README | -rw-r--r-- | 727 bytes |
Computing file changes ...
