wifi: mac80211: disallow basic multi-link element in per-STA profile

author Johannes Berg <johannes.berg@intel.com>

Mon, 29 Jan 2024 19:06:54 +0000 (20:06 +0100)

committer Johannes Berg <johannes.berg@intel.com>

Thu, 8 Feb 2024 14:00:43 +0000 (15:00 +0100)
author Johannes Berg <johannes.berg@intel.com>
Mon, 29 Jan 2024 19:06:54 +0000 (20:06 +0100)
committer Johannes Berg <johannes.berg@intel.com>
Thu, 8 Feb 2024 14:00:43 +0000 (15:00 +0100)
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h

index f5fe659..e11297b 100644 (file)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1671,6 +1671,7 @@ enum ieee80211_elems_parse_error {
         IEEE80211_PARSE_ERR_DUP_ELEM            = BIT(1),
         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE       = BIT(2),
         IEEE80211_PARSE_ERR_UNEXPECTED_ELEM     = BIT(3),
+       IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC   = BIT(4),
  };
  
  /* Parsed Information Elements */
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c

index 35dda59..9a0331d 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -4304,7 +4304,8 @@ static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
                         link->u.mgd.bss_param_ch_cnt =
                                 ieee80211_mle_get_bss_param_ch_cnt(elems->ml_basic);
                 }
-       } else if (!elems->prof ||
+       } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC ||
+                  !elems->prof ||
                    !(elems->prof->control & prof_bss_param_ch_present)) {
                 ret = false;
                 goto out;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c

index c1fa762..d85a9c5 100644 (file)
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1012,6 +1012,11 @@ ieee80211_parse_extension_element(u32 *crc,
                         switch (le16_get_bits(mle->control,
                                               IEEE80211_ML_CONTROL_TYPE)) {
                         case IEEE80211_ML_CONTROL_TYPE_BASIC:
+                               if (elems->ml_basic) {
+                                       elems->parse_error |=
+                                               IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC;
+                                       break;
+                               }
                                 elems->ml_basic_elem = (void *)elem;
                                 elems->ml_basic = data;
                                 elems->ml_basic_len = len;
author	Johannes Berg <johannes.berg@intel.com>
	Mon, 29 Jan 2024 19:06:54 +0000 (20:06 +0100)
committer	Johannes Berg <johannes.berg@intel.com>
	Thu, 8 Feb 2024 14:00:43 +0000 (15:00 +0100)
net/mac80211/ieee80211_i.h		patch \| blob \| history
net/mac80211/mlme.c		patch \| blob \| history
net/mac80211/util.c		patch \| blob \| history