diff options
author | Johannes Berg <johannes.berg@intel.com> | 2022-02-14 17:29:22 +0100 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2022-02-16 15:40:48 +0100 |
commit | bd4e4d62d97c0fc150405ae2f700af51ab586e5b (patch) | |
tree | 697427df551747541c1e7df94875464752898c5b | |
parent | d61f4274daa41565b5f9ce589b4ba1239781c139 (diff) | |
download | linux-stable-bd4e4d62d97c0fc150405ae2f700af51ab586e5b.tar.gz linux-stable-bd4e4d62d97c0fc150405ae2f700af51ab586e5b.tar.bz2 linux-stable-bd4e4d62d97c0fc150405ae2f700af51ab586e5b.zip |
mac80211: parse only HE capability elements with valid size
The code validates the HE capability element size later,
but slightly wrong, so use the new helper to do it right
and only accept it if it has a good size.
Link: https://lore.kernel.org/r/20220214172920.b5b06f264a61.I645ac1e2dc0ace223ef3e551cd5a71c88bd55e04@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r-- | net/mac80211/util.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/mac80211/util.c b/net/mac80211/util.c index abc29df6834c..1a8e18794387 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -973,8 +973,10 @@ static void ieee80211_parse_extension_element(u32 *crc, } break; case WLAN_EID_EXT_HE_CAPABILITY: - elems->he_cap = data; - elems->he_cap_len = len; + if (ieee80211_he_capa_size_ok(data, len)) { + elems->he_cap = data; + elems->he_cap_len = len; + } break; case WLAN_EID_EXT_HE_OPERATION: if (len >= sizeof(*elems->he_operation) && |