In 'cfg80211_parse_colocated_ap_iter()' and 'cfg80211_scan_6ghz()', an
instances of 'struct cfg80211_colocated_ap' are allocated as if they
would have 'ssid' as trailing VLA member. Since this is not so, extra
IEEE80211_MAX_SSID_LEN bytes are not needed. Briefly tested with KUnit.
Fixes: c8cb5b854b40 ("nl80211/cfg80211: support 6 GHz scanning")
Signed-off-by: Dmitry Antipov <dmantipov@xxxxxxxxx>
---
net/wireless/scan.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 1c6fd45aa809..dd4fb53ea8c6 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -704,7 +704,7 @@ cfg80211_parse_colocated_ap_iter(void *_data, u8 type,
bss_params)))
return RNR_ITER_CONTINUE;
- entry = kzalloc(sizeof(*entry) + IEEE80211_MAX_SSID_LEN, GFP_ATOMIC);
+ entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
if (!entry)
return RNR_ITER_ERROR;
@@ -858,8 +858,7 @@ static int cfg80211_scan_6ghz(struct cfg80211_registered_device *rdev)
if (ret)
continue;
- entry = kzalloc(sizeof(*entry) + IEEE80211_MAX_SSID_LEN,
- GFP_ATOMIC);
+ entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
if (!entry)
continue;
--
2.47.1
