On Fri, 2022-08-26 at 18:25 +0530, Vinayak Yadawad wrote: > > @@ -1267,6 +1268,7 @@ void cfg80211_port_authorized(struct net_device *dev, const u8 *bssid, > > ev->type = EVENT_PORT_AUTHORIZED; > memcpy(ev->pa.bssid, bssid, ETH_ALEN); > + ev->pa.td_bitmap = td_bitmap; > > Surely this will cause some kind of use-after-free, or stack use after stack frame return?? In the event, I guess you need to size it for the max possible bitmap size and copy it. (also nit somewhere: "u8 *x" instead of "u8* x") The function argument should probably also be const. FWIW, I didn't really mind having a fixed two-byte bitmap, but that doesn't address the case of it being not valid. We could just use an "int" and say "-1 for invalid, otherwise a 16-bit bitmap value"? johannes
