From: Johannes Berg <johannes.berg@xxxxxxxxx> The kernel (driver code) should be able to assume that a station's HE capabilities are not badly sized, so reject them if they are. Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> --- net/wireless/nl80211.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 578bff9c378b..19b74a5ca300 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -6308,6 +6308,11 @@ int cfg80211_check_station_change(struct wiphy *wiphy, statype != CFG80211_STA_AP_CLIENT_UNASSOC) return -EINVAL; + if (params->he_capa && + !ieee80211_he_capa_size_ok((const void *)params->he_capa, + params->he_capa_len)) + return -EINVAL; + /* When you run into this, adjust the code below for the new flag */ BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7); -- 2.34.1
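Review bot: The new ieee80211_he_capa_size_ok() check sits only in cfg80211_check_station_change(), and the diffstat (1 file, 5 insertions) shows no other path is touched, so the commit message's guarantee to drivers holds only for station changes as far as this patch shows. If params->he_capa can also be supplied when a station is first added, that path needs the same test. Validating once at the point where params->he_capa and params->he_capa_len are filled from the netlink attribute would cover both cases and would also allow a specific error to be reported to userspace instead of a bare -EINVAL. Separately, the `(const void *)params->he_capa` cast hides whatever type mismatch exists between the field and the helper's parameter; casting to the helper's actual parameter type, or a one-line comment saying why the cast is needed, would make the call easier to audit.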