From: Johannes Berg
To: linux-wireless@vger.kernel.org, stable@vger.kernel.org
Cc: Felix Fietkau, Thadeu Lima de Souza Cascardo, Marcus Meissner, Jiri Kosina
Subject: [RFC v5.10 0/3] mac80211 use-after-free fix
Date: Fri, 14 Oct 2022 18:41:47 +0200
Message-Id: <20221014164150.24310-1-johannes@sipsolutions.net>
X-Patchwork-Id: 13007204

Hi,

So I looked at this, and it wasn't great one way or the other...

The first patch here is obvious, let's just take it and get one
of the parsings out of the way.

The second one removes a couple of more cases where this is done,
since it only happens when the last argument is non-NULL.

The third then is to avoid the UAF, and is simpler now since only
a few places can even allocate it.

johannes