Re: [PATCH 1/2] mac80211: check for mesh_config length on incoming management frames

[Johannes Berg <johannes@xxxxxxxxxxxxxxxx>]

Indeed :)
Acked-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>

> ---
>  net/mac80211/ieee80211_sta.c |    8 ++++++--
>  1 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
> index cfe6fcc..feec201 100644
> --- a/net/mac80211/ieee80211_sta.c
> +++ b/net/mac80211/ieee80211_sta.c
> @@ -2153,11 +2153,14 @@ ieee80211_rx_mesh_bss_get(struct net_device *dev, u8 *mesh_id, int mesh_id_len,
>  
>  static struct ieee80211_sta_bss *
>  ieee80211_rx_mesh_bss_add(struct net_device *dev, u8 *mesh_id, int mesh_id_len,
> -			  u8 *mesh_cfg, int freq)
> +			  u8 *mesh_cfg, int mesh_config_len, int freq)
>  {
>  	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
>  	struct ieee80211_sta_bss *bss;
>  
> +	if (mesh_config_len != MESH_CFG_LEN)
> +		return NULL;
> +
>  	bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
>  	if (!bss)
>  		return NULL;
> @@ -2530,7 +2533,8 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
>  #ifdef CONFIG_MAC80211_MESH
>  		if (elems.mesh_config)
>  			bss = ieee80211_rx_mesh_bss_add(dev, elems.mesh_id,
> -				elems.mesh_id_len, elems.mesh_config, freq);
> +				elems.mesh_id_len, elems.mesh_config,
> +				elems.mesh_config_len, freq);
>  		else
>  #endif
>  			bss = ieee80211_rx_bss_add(dev, mgmt->bssid, freq,

Attachment: signature.asc
Description: This is a digitally signed message part