From: Johannes Berg <johannes@sipsolutions.net>
To: linux-wireless@vger.kernel.org
Cc: Johannes Berg <johannes.berg@intel.com>,
syzbot+2676771ed06a6df166ad@syzkaller.appspotmail.com
Subject: [PATCH] wifi: cfg80211: reject auth/assoc to AP with our address
Date: Tue, 15 Aug 2023 18:09:00 +0200 [thread overview]
Message-ID: <20230815180859.d9af625a795f.Iaf496e41e031d1821f4748e6735b6c977b762104@changeid> (raw)
From: Johannes Berg <johannes.berg@intel.com>
If the AP uses our own address as its MLD address or BSSID, then
clearly something's wrong. Reject such connections so we don't
try and fail later.
Reported-by: syzbot+2676771ed06a6df166ad@syzkaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/wireless/mlme.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index ac059cefbeb3..cd1d66016ba1 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -281,6 +281,11 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
ether_addr_equal(req->bss->bssid, wdev->u.client.connected_addr))
return -EALREADY;
+ if (ether_addr_equal(req->bss->bssid, dev->dev_addr) ||
+ (req->link_id >= 0 &&
+ ether_addr_equal(req->ap_mld_addr, dev->dev_addr)))
+ return -EINVAL;
+
return rdev_auth(rdev, dev, req);
}
@@ -342,6 +347,11 @@ int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
!ether_addr_equal(wdev->u.client.connected_addr, req->prev_bssid)))
return -EALREADY;
+ if (ether_addr_equal(req->bss->bssid, dev->dev_addr) ||
+ (req->link_id >= 0 &&
+ ether_addr_equal(req->ap_mld_addr, dev->dev_addr)))
+ return -EINVAL;
+
cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
rdev->wiphy.ht_capa_mod_mask);
cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
--
2.41.0
reply other threads:[~2023-08-15 16:09 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230815180859.d9af625a795f.Iaf496e41e031d1821f4748e6735b6c977b762104@changeid \
--to=johannes@sipsolutions.net \
--cc=johannes.berg@intel.com \
--cc=linux-wireless@vger.kernel.org \
--cc=syzbot+2676771ed06a6df166ad@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).