1. 09 Aug, 2011 2 commits
  2. 08 Aug, 2011 4 commits
  3. 27 Jul, 2011 1 commit
    • Neil Horman's avatar
      net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared · 550fd08c
      Neil Horman authored
      After the last patch, We are left in a state in which only drivers calling
      ether_setup have IFF_TX_SKB_SHARING set (we assume that drivers touching real
      hardware call ether_setup for their net_devices and don't hold any state in
      their skbs.  There are a handful of drivers that violate this assumption of
      course, and need to be fixed up.  This patch identifies those drivers, and marks
      them as not being able to support the safe transmission of skbs by clearning the
      IFF_TX_SKB_SHARING flag in priv_flags
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      CC: Karsten Keil <isdn@linux-pingi.de>
      CC: "David S. Miller" <davem@davemloft.net>
      CC: Jay Vosburgh <fubar@us.ibm.com>
      CC: Andy Gospodarek <andy@greyhouse.net>
      CC: Patrick McHardy <kaber@trash.net>
      CC: Krzysztof Halasa <khc@pm.waw.pl>
      CC: "John W. Linville" <linville@tuxdriver.com>
      CC: Greg Kroah-Hartman <gregkh@suse.de>
      CC: Marcel Holtmann <marcel@holtmann.org>
      CC: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      550fd08c
  4. 21 Jul, 2011 1 commit
    • Phil Carmody's avatar
      treewide: fix potentially dangerous trailing ';' in #defined values/expressions · 497888cf
      Phil Carmody authored
      All these are instances of
        #define NAME value;
      or
        #define NAME(params_opt) value;
      
      These of course fail to build when used in contexts like
        if(foo $OP NAME)
        while(bar $OP NAME)
      and may silently generate the wrong code in contexts such as
        foo = NAME + 1;    /* foo = value; + 1; */
        bar = NAME - 1;    /* bar = value; - 1; */
        baz = NAME & quux; /* baz = value; & quux; */
      
      Reported on comp.lang.c,
      Message-ID: <ab0d55fe-25e5-482b-811e-c475aa6065c3@c29g2000yqd.googlegroups.com>
      Initial analysis of the dangers provided by Keith Thompson in that thread.
      
      There are many more instances of more complicated macros having unnecessary
      trailing semicolons, but this pile seems to be all of the cases of simple
      values suffering from the problem. (Thus things that are likely to be found
      in one of the contexts above, more complicated ones aren't.)
      Signed-off-by: default avatarPhil Carmody <ext-phil.2.carmody@nokia.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      497888cf
  5. 20 Jul, 2011 2 commits
  6. 19 Jul, 2011 1 commit
  7. 18 Jul, 2011 1 commit
  8. 15 Jul, 2011 3 commits
  9. 13 Jul, 2011 2 commits
  10. 11 Jul, 2011 2 commits
  11. 08 Jul, 2011 9 commits
  12. 07 Jul, 2011 2 commits
    • Johannes Berg's avatar
      mac80211: fix TKIP replay vulnerability · 34459512
      Johannes Berg authored
      Unlike CCMP, the presence or absence of the QoS
      field doesn't change the encryption, only the
      TID is used. When no QoS field is present, zero
      is used as the TID value. This means that it is
      possible for an attacker to take a QoS packet
      with TID 0 and replay it as a non-QoS packet.
      
      Unfortunately, mac80211 uses different IVs for
      checking the validity of the packet's TKIP IV
      when it checks TID 0 and when it checks non-QoS
      packets. This means it is vulnerable to this
      replay attack.
      
      To fix this, use the same replay counter for
      TID 0 and non-QoS packets by overriding the
      rx->queue value to 0 if it is 16 (non-QoS).
      
      This is a minimal fix for now. I caused this
      issue in
      
      commit 1411f9b5
      Author: Johannes Berg <johannes@sipsolutions.net>
      Date:   Thu Jul 10 10:11:02 2008 +0200
      
          mac80211: fix RX sequence number check
      
      while fixing a sequence number issue (there,
      a separate counter needs to be used).
      
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      34459512
    • Luciano Coelho's avatar
      mac80211: fix ie memory allocation for scheduled scans · 1186980d
      Luciano Coelho authored
      We were not allocating memory for the IEs passed in the scheduled_scan
      request and this was causing memory corruption (buffer overflow).
      Signed-off-by: default avatarLuciano Coelho <coelho@ti.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      1186980d
  13. 06 Jul, 2011 2 commits
  14. 05 Jul, 2011 3 commits
  15. 29 Jun, 2011 1 commit
  16. 27 Jun, 2011 4 commits