ieee80211: add helper to check HE capability element size
authorJohannes Berg <johannes.berg@intel.com>
Mon, 14 Feb 2022 16:29:21 +0000 (17:29 +0100)
committerJohannes Berg <johannes.berg@intel.com>
Wed, 16 Feb 2022 14:40:46 +0000 (15:40 +0100)
This element has a very dynamic structure, create a small helper
function to validate its size. We're currently checking it in
mac80211 in a conversion function, but that's actually slightly
buggy.

Link: https://lore.kernel.org/r/20220214172920.750bee9eaf37.Ie18359bd38143b7dc949078f10752413e6d36854@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
include/linux/ieee80211.h

index a2940a8..dfc8468 100644 (file)
@@ -9,7 +9,7 @@
  * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
  * Copyright (c) 2013 - 2014 Intel Mobile Communications GmbH
  * Copyright (c) 2016 - 2017 Intel Deutschland GmbH
- * Copyright (c) 2018 - 2021 Intel Corporation
+ * Copyright (c) 2018 - 2022 Intel Corporation
  */
 
 #ifndef LINUX_IEEE80211_H
@@ -2338,6 +2338,29 @@ ieee80211_he_ppe_size(u8 ppe_thres_hdr, const u8 *phy_cap_info)
        return n;
 }
 
+static inline bool ieee80211_he_capa_size_ok(const u8 *data, u8 len)
+{
+       const struct ieee80211_he_cap_elem *he_cap_ie_elem = (const void *)data;
+       u8 needed = sizeof(*he_cap_ie_elem);
+
+       if (len < needed)
+               return false;
+
+       needed += ieee80211_he_mcs_nss_size(he_cap_ie_elem);
+       if (len < needed)
+               return false;
+
+       if (he_cap_ie_elem->phy_cap_info[6] &
+                       IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT) {
+               if (len < needed + 1)
+                       return false;
+               needed += ieee80211_he_ppe_size(data[needed],
+                                               he_cap_ie_elem->phy_cap_info);
+       }
+
+       return len >= needed;
+}
+
 /* HE Operation defines */
 #define IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK           0x00000007
 #define IEEE80211_HE_OPERATION_TWT_REQUIRED                    0x00000008