mac80211: Don't request encryption for probe response

Probe responses shouldn't be encrypted, and mac80211 doesn't
set the crypto key accordingly. However it didn't set the
IEEE80211_TX_CTL_DO_NOT_ENCRYPT flag which means drivers
could make an attempt to encrypt it, and causing a NULL
pointer dereference when accessing the provided hw_key field.

Signed-off-by: Ivo van Doorn <[email protected]>
Acked-by: Johannes Berg <[email protected]>
Signed-off-by: John W. Linville <[email protected]>

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 4a3bddd206d8f799572bfab4e87c0f52a48c4f05..86abdf96390c9bd59dc693137c88aff748fde5c7 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2481,6 +2481,7 @@ static int ieee80211_sta_join_ibss(struct net_device *dev,
                        control->flags |= IEEE80211_TX_CTL_SHORT_PREAMBLE;
                control->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
                control->flags |= IEEE80211_TX_CTL_NO_ACK;
+               control->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT;
                control->control.retry_limit = 1;
 
                ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);