mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-04-02 10:31:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'wireless-2026-01-29' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless

Browse Source 
Johannes Berg says:

====================
Just one fix, for a parsing error in mac80211 that might
result in a one byte out-of-bounds read.

* tag 'wireless-2026-01-29' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless:
  wifi: mac80211: correctly decode TTLM with default link map
====================

Link: https://patch.msgid.link/20260129110403.178036-3-johannes@sipsolutions.net
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
This commit is contained in:
Paolo Abeni
2026-01-29 13:21:35 +01:00
parent df8b9be3d4 1eab33aa63
commit 0858206732
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
net/mac80211/mlme.c
View File

@@ -8,7 +8,7 @@
* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
* Copyright 2013-2014 Intel Mobile Communications GmbH
* Copyright (C) 2015 - 2017 Intel Deutschland GmbH
* Copyright (C) 2018 - 2025 Intel Corporation
* Copyright (C) 2018 - 2026 Intel Corporation
*/
#include <linux/delay.h>
@@ -6190,8 +6190,10 @@ ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata,
return -EINVAL;
}
link_map_presence = *pos;
pos++;
if (!(control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP)) {
link_map_presence = *pos;
pos++;
}
if (control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT) {
ttlm_info->switch_time = get_unaligned_le16(pos);