On Monday, 3 June 2019 21:21:17 CEST John Crispin wrote: > The ppet field inside ieee80211_he_capabilities is of size [0]. The code > currently copies up to 12 additional bytes into the buffer, thus overwriting > memory. Fix this by verifying the size properly and using the passed length > value for allocation and the following memcpy() call. > > Signed-off-by: John Crispin <john@xxxxxxxxxxx> I just went to the patches which might be interesting for me to get HE in a working state for ath11k mesh. And so I found following patches which seemed to be relevant for me: * https://patchwork.ozlabs.org/patch/1109462/ (this patched; marked as "changes requested") * https://patchwork.ozlabs.org/patch/1122057/ (marked superseded) It looks to me that the mentioned patches can all be replaced by https://patchwork.ozlabs.org/patch/1116968/ - is this assumption correct or am I missing something? [...] > diff --git a/src/ap/ieee802_11_he.c b/src/ap/ieee802_11_he.c > index ba22a174a..63270228f 100644 > --- a/src/ap/ieee802_11_he.c > +++ b/src/ap/ieee802_11_he.c > @@ -44,6 +44,39 @@ static u8 ieee80211_he_ppet_size(u8 ppe_thres_hdr, const u8 *phy_cap_info) > } > > > +static inline u8 > +ieee80211_he_mcs_set_size(const u8 *phy_cap_info) > +{ We talked about this on a call (were I had problems to understand you) and I was under the impression that you were talking about static inline functions in headers. So I have to retract my statement and agree with Jouni about this. Kind regards, Sven
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
