xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mac80211: check size of channel switch IE when parsing

Browse Source 
The channel switch IE has a fixed size, so we can
discard it in parsing if it's not the right size
and use the right struct pointer.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Johannes Berg
2012-08-01 16:13:02 +02:00
parent 3049000b97
commit 5bc1420b11
3 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
net/mac80211/util.c
View File

@@ -768,8 +768,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
elem_parse_failed = true;
break;
case WLAN_EID_CHANNEL_SWITCH:
elems->ch_switch_elem = pos;
elems->ch_switch_elem_len = elen;
if (elen != sizeof(struct ieee80211_channel_sw_ie)) {
elem_parse_failed = true;
break;
}
elems->ch_switch_ie = (void *)pos;
break;
case WLAN_EID_QUIET:
if (!elems->quiet_elem) {