On 12/2/2022 8:44 AM, Jouni Malinen wrote:
On Mon, Nov 14, 2022 at 12:19:03PM -0800, Aloka Dixit wrote:
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
@@ -3338,7 +3338,8 @@ cfg80211_beacon_dup(struct cfg80211_beacon_data *beacon)
len = beacon->head_len + beacon->tail_len + beacon->beacon_ies_len +
beacon->proberesp_ies_len + beacon->assocresp_ies_len +
beacon->probe_resp_len + beacon->lci_len + beacon->civicloc_len +
- ieee80211_get_mbssid_beacon_len(beacon->mbssid_ies);
+ ieee80211_get_mbssid_beacon_len(beacon->mbssid_ies,
+ beacon->mbssid_ies->cnt);
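Review bot: the new argument `beacon->mbssid_ies->cnt` dereferences `beacon->mbssid_ies` unconditionally, but the original call already shows that the helper expects to cope with this pointer on its own, and the thread confirms it can be NULL, so this line will fault on any beacon without MBSSID elements. Either guard the dereference (for example `beacon->mbssid_ies ? beacon->mbssid_ies->cnt : 0`) or keep the count lookup inside `ieee80211_get_mbssid_beacon_len()` where the NULL check already belongs.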
beacon->mbssid_ies can be NULL here and that is going to result in a
kernel panic. For example, check with hostap.git test case
ap_ht_20_to_40_csa.
Oh, thank you, will fix it.
@Johannes, I noticed that commit 2b3171c6fe0af24b5506
missed freeing old->mbssid_ies (2 places) and old_beacon->mbssid_ies
that were part of
https://patchwork.kernel.org/project/linux-wireless/patch/20210916025437.29138-4-alokad@xxxxxxxxxxxxxx/.
I will add those in the next version as well.
Any better way to catch missing free() calls that you can recommend?
Thanks.