summaryrefslogtreecommitdiff
path: root/net/wireless
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2023-08-15 19:09:00 +0300
committerJohannes Berg <johannes.berg@intel.com>2023-08-22 22:40:10 +0300
commit5d4e04bf3a0f098bd9033de3a5291810fa14c7a6 (patch)
tree0b6faaa6cf3bc84382cf5c6e8b6f3d5e7cf87404 /net/wireless
parent19e4a47ee74718a22e963e8a647c8c3bfe8bb05c (diff)
downloadlinux-5d4e04bf3a0f098bd9033de3a5291810fa14c7a6.tar.xz
wifi: cfg80211: reject auth/assoc to AP with our address
If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connections so we don't try and fail later. Reported-by: syzbot+2676771ed06a6df166ad@syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless')
-rw-r--r--net/wireless/mlme.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index ac059cefbeb3..775cac4d6100 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -281,6 +281,11 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
ether_addr_equal(req->bss->bssid, wdev->u.client.connected_addr))
return -EALREADY;
+ if (ether_addr_equal(req->bss->bssid, dev->dev_addr) ||
+ (req->link_id >= 0 &&
+ ether_addr_equal(req->ap_mld_addr, dev->dev_addr)))
+ return -EINVAL;
+
return rdev_auth(rdev, dev, req);
}
@@ -335,6 +340,9 @@ int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
if (req->links[i].bss == req->links[j].bss)
return -EINVAL;
}
+
+ if (ether_addr_equal(req->links[i].bss->bssid, dev->dev_addr))
+ return -EINVAL;
}
if (wdev->connected &&
@@ -342,6 +350,11 @@ int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
!ether_addr_equal(wdev->u.client.connected_addr, req->prev_bssid)))
return -EALREADY;
+ if ((req->bss && ether_addr_equal(req->bss->bssid, dev->dev_addr)) ||
+ (req->link_id >= 0 &&
+ ether_addr_equal(req->ap_mld_addr, dev->dev_addr)))
+ return -EINVAL;
+
cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
rdev->wiphy.ht_capa_mod_mask);
cfg80211_oper_and_vht_capa(&req->vht_capa_mask,