LinuxLists.cc - [PATCH] nl80211: validate number of probe response CSA counters

2016-09-13 13:56:49

Subject: [PATCH] nl80211: validate number of probe response CSA counters

From: Johannes Berg <[email protected]>

Due to an apparent copy/paste bug, the number of counters for the
beacon configuration were checked twice, instead of checking the
number of probe response counters. Fix this to check the number of
probe response counters before parsing those.

Signed-off-by: Johannes Berg <[email protected]>
---
net/wireless/nl80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index ef234d2fd854..a65c94f202f8 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -6998,7 +6998,7 @@ static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)

params.n_counter_offsets_presp = len / sizeof(u16);
if (rdev->wiphy.max_num_csa_counters &&
- (params.n_counter_offsets_beacon >
+ (params.n_counter_offsets_presp >
rdev->wiphy.max_num_csa_counters))
return -EINVAL;

--
2.8.1

2016-09-15 06:09:06

by Luciano Coelho

[permalink] [raw]

Subject: Re: [PATCH] nl80211: validate number of probe response CSA counters

T24gVHVlLCAyMDE2LTA5LTEzIGF0IDE1OjU2ICswMjAwLCBKb2hhbm5lcyBCZXJnIHdyb3RlOg0K
PiBGcm9tOiBKb2hhbm5lcyBCZXJnIDxqb2hhbm5lcy5iZXJnQGludGVsLmNvbT4NCj4gDQo+IER1
ZSB0byBhbiBhcHBhcmVudCBjb3B5L3Bhc3RlIGJ1ZywgdGhlIG51bWJlciBvZiBjb3VudGVycyBm
b3IgdGhlDQo+IGJlYWNvbiBjb25maWd1cmF0aW9uIHdlcmUgY2hlY2tlZCB0d2ljZSwgaW5zdGVh
ZCBvZiBjaGVja2luZyB0aGUNCj4gbnVtYmVyIG9mIHByb2JlIHJlc3BvbnNlIGNvdW50ZXJzLiBG
aXggdGhpcyB0byBjaGVjayB0aGUgbnVtYmVyIG9mDQo+IHByb2JlIHJlc3BvbnNlIGNvdW50ZXJz
IGJlZm9yZSBwYXJzaW5nIHRob3NlLg0KPiANCj4gU2lnbmVkLW9mZi1ieTogSm9oYW5uZXMgQmVy
ZyA8am9oYW5uZXMuYmVyZ0BpbnRlbC5jb20+DQo+IC0tLQ0KDQpBY2tlZC1ieTogTHVjaWFubyBD
b2VsaG8gPGx1Y2lhbm8uY29lbGhvQGludGVsLmNvbT4NCg0KLS0NCkx1Y2Eu