torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code
8b7ab8eb52
linux/net/wireless
History
Sarika Sharma 9a44b5e36c wifi: cfg80211: fix double free for link_sinfo in nl80211_station_dump() 
Currently, the link_sinfo structure is being freed twice in
nl80211_dump_station(), once after the send_station() call and again
in the error handling path. This results in a double free of both
link_sinfo and link_sinfo->pertid, which might lead to undefined
behavior or kernel crashes.

Hence, fix by ensuring cfg80211_sinfo_release_content() is only
invoked once during execution of nl80211_station_dump().

Fixes: 49e47223ec ("wifi: cfg80211: allocate memory for link_station info structure")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/81f30515-a83d-4b05-a9d1-e349969df9e9@sabinyo.mountain/
Reported-by: syzbot+4ba6272678aa468132c8@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/68655325.a70a0220.5d25f.0316.GAE@google.com
Signed-off-by: Sarika Sharma <quic_sarishar@quicinc.com>
Link: https://patch.msgid.link/20250714084405.178066-1-quic_sarishar@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2025-07-15 11:05:13 +02:00
..
certs wifi: cfg80211: fix certs build to not depend on file order 2023-12-14 09:11:51 +01:00
tests wireless-next patches for v6.14 2024-12-19 18:54:07 -08:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
ap.c wifi: cfg80211: remove wdev mutex 2023-09-11 11:27:23 +02:00
chan.c wifi: cfg80211: expose cfg80211_chandef_get_width() 2025-03-12 09:50:24 +01:00
core.c wifi: cfg80211: hide scan internals 2025-07-09 11:52:35 +02:00
core.h wifi: cfg80211: hide scan internals 2025-07-09 11:52:35 +02:00
debugfs.c wifi: cfg80211: add locked debugfs wrappers 2023-11-27 11:24:58 +01:00
debugfs.h
ethtool.c wifi: cfg80211: use strscpy to replace strlcpy 2022-07-15 11:43:12 +02:00
ibss.c wifi: cfg80211: move DFS related members to links[] in wireless_dev 2024-09-06 13:01:05 +02:00
Kconfig wifi: cfg80211: stop exporting wext symbols 2024-10-08 21:53:31 +02:00
Makefile wifi: wext/libipw: move spy implementation to libipw 2024-10-08 21:53:18 +02:00
mesh.c wifi: cfg80211: move DFS related members to links[] in wireless_dev 2024-09-06 13:01:05 +02:00
mlme.c wifi: cfg80211: only verify part of Extended MLD Capabilities 2025-07-09 11:52:35 +02:00
nl80211.c wifi: cfg80211: fix double free for link_sinfo in nl80211_station_dump() 2025-07-15 11:05:13 +02:00
nl80211.h wifi: cfg80211: Add support for dynamic addition/removal of links 2025-01-13 15:34:08 +01:00
ocb.c wifi: cfg80211: remove wdev mutex 2023-09-11 11:27:23 +02:00
of.c
pmsr.c wifi: cfg80211: define and use wiphy guard 2024-12-04 16:10:52 +01:00
radiotap.c Merge net-next/main to resolve conflicts 2024-10-09 08:59:22 +02:00
rdev-ops.h wifi: cfg80211: hide scan internals 2025-07-09 11:52:35 +02:00
reg.c wifi: cfg80211: move away from using a fake platform device 2025-07-08 10:22:51 +02:00
reg.h wifi: cfg80211: add return docs for regulatory functions 2024-04-19 10:29:08 +02:00
scan.c wifi: cfg80211/mac80211: implement dot11ExtendedRegInfoSupport 2025-07-09 11:56:37 +02:00
sme.c wifi: cfg80211: hide scan internals 2025-07-09 11:52:35 +02:00
sysfs.c wifi: cfg80211: fully move wiphy work to unbound workqueue 2024-05-29 15:23:33 +02:00
sysfs.h
trace.c
trace.h wifi: cfg80211: hide scan internals 2025-07-09 11:52:35 +02:00
util.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-07-11 11:42:38 -07:00
wext-compat.c wifi: cfg80211/mac80211: Add support to get radio index 2025-06-24 15:19:27 +02:00
wext-compat.h Revert "wifi: cfg80211: unexport wireless_nlevent_flush()" 2024-10-09 08:53:01 +02:00
wext-core.c net: remove get_task_comm() and print task comm directly 2025-01-12 20:21:16 -08:00
wext-priv.c
wext-proc.c
wext-sme.c wifi: cfg80211: define and use wiphy guard 2024-12-04 16:10:52 +01:00