Johannes Berg 93db1d9e6c mac80211: fix possible out-of-bounds access ...

In the unlikely situation that the supplicant has negotiated
admission for the background AC (which it has no reason to as
it's not supposed to be requiring admission control to start
with, and we'd ignore such a requirement anyway), the loop
here may terminate with non_acm_ac == 4, which leads to an
array overrun.

Check this explicitly just for completeness.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

2016-09-15 16:46:16 +02:00

144 KiB

Raw Blame History

View Raw