2024-03-18 16:54:45

by Miri Korenblit

[permalink] [raw]
Subject: [PATCH 12/15] wifi: cfg80211: check BSSID Index against MaxBSSID

From: Benjamin Berg <[email protected]>

Add a verification that the BSSID Index does not exceed the maximum
number of BSSIDs in the Multiple-BSSID set.

Signed-off-by: Benjamin Berg <[email protected]>
Reviewed-by: Johannes Berg <[email protected]>
Signed-off-by: Miri Korenblit <[email protected]>
---
net/wireless/scan.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index b55ffe73e1ef..8ac2d19d8ede 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -2447,7 +2447,8 @@ cfg80211_parse_mbssid_data(struct wiphy *wiphy,
profile, profile_len);
if (!mbssid_index_ie || mbssid_index_ie[1] < 1 ||
mbssid_index_ie[2] == 0 ||
- mbssid_index_ie[2] > 46) {
+ mbssid_index_ie[2] > 46 ||
+ mbssid_index_ie[2] >= (1 << elem->data[0])) {
/* No valid Multiple BSSID-Index element */
continue;
}
--
2.34.1