projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
mac80211: check size of channel switch IE when parsing
[firefly-linux-kernel-4.4.55.git] / net / mac80211 / util.c
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 99e4258bdb26ef7e4bb8e3786f436879c8b83faf..7dff94e43a0c728b997017917079b5559f56a5cd 100644 (file)
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -768,8 +768,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
                                elem_parse_failed = true;
                        break;
                case WLAN_EID_CHANNEL_SWITCH:
-                       elems->ch_switch_elem = pos;
-                       elems->ch_switch_elem_len = elen;
+                       if (elen != sizeof(struct ieee80211_channel_sw_ie)) {
+                               elem_parse_failed = true;
+                               break;
+                       }
+                       elems->ch_switch_ie = (void *)pos;
                        break;
                case WLAN_EID_QUIET:
                        if (!elems->quiet_elem) {
Unnamed repository; edit this file 'description' to name the repository.