NL80211_ATTR_SCHED_SCAN_MATCH can have NL80211_SCHED_SCAN_MATCH_ATTR_SSID
as well as NL80211_SCHED_SCAN_MATCH_ATTR_RSSI in it. Each nested attributes
which are part of NL80211_ATTR_SCHED_SCAN_MATCH are counted to find out
number of match sets in nl80211_start_sched_scan().
This is the problem if NL80211_SCHED_SCAN_MATCH_ATTR_RSSI also part of
NL80211_ATTR_SCHED_SCAN_MATCH. Fix this incorrect calculation by considering
only NL80211_SCHED_SCAN_MATCH_ATTR_SSID to know match set count.
Signed-off-by: Raja Mani <rmani@xxxxxxxxxxxxxxxx>
---
net/wireless/nl80211.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index d0afd82..2d3a86f 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -5504,11 +5504,17 @@ static int nl80211_start_sched_scan(struct sk_buff *skb,
if (n_ssids > wiphy->max_sched_scan_ssids)
return -EINVAL;
- if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
+ if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
nla_for_each_nested(attr,
info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
- tmp)
- n_match_sets++;
+ tmp) {
+ nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
+ nla_data(attr), nla_len(attr),
+ nl80211_match_policy);
+ if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID])
+ n_match_sets++;
+ }
+ }
if (n_match_sets > wiphy->max_match_sets)
return -EINVAL;
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
