From: Miri Korenblit <miriam.rachel.korenblit@intel.com>
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org,
	Johannes Berg <johannes.berg@intel.com>,
	Ilan Peer <ilan.peer@intel.com>
Subject: [PATCH 02/15] wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok()
Date: Mon, 18 Mar 2024 18:53:18 +0200
Message-ID: <20240318184907.00bb0b20ed60.I8c41dd6fc14c4b187ab901dea15ade73c79fb98c@changeid>
In-Reply-To: <20240318165331.3170594-1-miriam.rachel.korenblit@intel.com>

From: Johannes Berg <johannes.berg@intel.com>

If there was a possibility of an MLE basic STA profile without
subelements, we might reject it because we account for the one
octet for sta_info_len twice (it's part of itself, and in the
fixed portion). Like in ieee80211_mle_reconf_sta_prof_size_ok,
subtract 1 to adjust that.

When reading the elements we did take this into account, and
since there are always elements, this never really mattered.

Fixes: 7b6f08771bf6 ("wifi: ieee80211: Support validating ML station profile length")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
 include/linux/ieee80211.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index a99f048404b8..4fd9735bb75e 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -5302,7 +5302,7 @@ static inline bool ieee80211_mle_basic_sta_prof_size_ok(const u8 *data,
 		info_len += 1;
 
 	return prof->sta_info_len >= info_len &&
-	       fixed + prof->sta_info_len <= len;
+	       fixed + prof->sta_info_len - 1 <= len;
 }
 
 /**
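Review bot: The "- 1" in the new bound "fixed + prof->sta_info_len - 1 <= len" carries no comment, so the reason for it (sta_info_len counts its own octet, which the fixed portion already includes, per the commit message) is only recoverable from git history. A one-line comment above the return statement would keep a later reader from reverting it as an apparent off-by-one. The subtraction is only evaluated after "prof->sta_info_len >= info_len" passes, and the hunk shows just "info_len += 1" without its initial value, so it is worth confirming in the unshown part of the function that info_len is always at least 1 there; that is what guarantees a sta_info_len of 0 is rejected before the adjusted length is computed.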
-- 
2.34.1

