Patch "wifi: cfg80211: don't allow multi-BSSID in S1G" has been added to the 6.0-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 3 Dec 2022 04:25:00 -0500

This is a note to let you know that I've just added the patch titled

    wifi: cfg80211: don't allow multi-BSSID in S1G

to the 6.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     wifi-cfg80211-don-t-allow-multi-bssid-in-s1g.patch
and it can be found in the queue-6.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 5c77b52ffb5807534ac9b6410ce7d57d1c5fc3dc
Author: Johannes Berg <johannes.berg@xxxxxxxxx>
Date:   Fri Nov 25 12:36:58 2022 +0100

    wifi: cfg80211: don't allow multi-BSSID in S1G
    
    [ Upstream commit acd3c92acc7aaec50a94d0a7faf7ccd74e952493 ]
    
    In S1G beacon frames there shouldn't be multi-BSSID elements
    since that's not supported, remove that to avoid a potential
    integer underflow and/or misparsing the frames due to the
    different length of the fixed part of the frame.
    
    While at it, initialize non_tx_data so we don't send garbage
    values to the user (even if it doesn't seem to matter now.)
    
    Reported-and-tested-by: Sönke Huster <shuster@xxxxxxxxxxxxxxxxxxxxxx>
    Fixes: 9eaffe5078ca ("cfg80211: convert S1G beacon to scan results")
    Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 56db0f12ca7c..b4d788572992 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -2527,10 +2527,15 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy,
 	const struct cfg80211_bss_ies *ies1, *ies2;
 	size_t ielen = len - offsetof(struct ieee80211_mgmt,
 				      u.probe_resp.variable);
-	struct cfg80211_non_tx_bss non_tx_data;
+	struct cfg80211_non_tx_bss non_tx_data = {};
 
 	res = cfg80211_inform_single_bss_frame_data(wiphy, data, mgmt,
 						    len, gfp);
+
+	/* don't do any further MBSSID handling for S1G */
+	if (ieee80211_is_s1g_beacon(mgmt->frame_control))
+		return res;
+
 	if (!res || !wiphy->support_mbssid ||
 	    !cfg80211_find_elem(WLAN_EID_MULTIPLE_BSSID, ie, ielen))
 		return res;






