mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 05:24:39 +01:00
Just one fix, for a parsing error in mac80211 that might
result in a one byte out-of-bounds read. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEpeA8sTs3M8SN2hR410qiO8sPaAAFAml7Pl0ACgkQ10qiO8sP aAAKXA/+P8I3WjVL2QuW0a84VJHxNN398JvOHE68vkWg+HulxDcV/9alCNJAFbYU 9O9mzNTTH+eW28F4YxIhW86YNnGqkeMy+ZTTdPuSn17WE3OrHubWkdJdqnC3SWb/ 2lYR+BSXLHMTLSFP0olcbUX+WXYHptETxfOX1dpmFZq80wioqs32MPabneGT7vs/ ENFRK6oT26aouKvGvNa9znqGwVO0rsr3Bmz0N1fgehYhU3YNrqgDH0Lj7Cs5kTOZ 0QzhZjnIIOXW/3kJNp7Jk7aYW9+9QR6Wo6G5B+wTL/mxZsWhCMxZfqkOm796ktl8 0OdHOrAD7Fy4w6hPXlUzUHy6kX0lAR1tdk1fE/lNgYyM4WCjvZb0ABP8sncuoEIH M2EaDh/drVd/aOU2KQJqvjnG2qlBSK/Gf9hYfBDFpw+GFsOKRowv2o84qnWDGbOw rPk8kCz8CFyzUCaF5l0DridPyWu6GEFyAxQ5CDJw8zUu7Mi3PCp9pWCVjAHQPNho r7Mao1n0dx4bsiPRZDNfGuymi/MHovRdmPBkdYtMJHYWNAtvDdwu3N50meCA21lM kQdY6WMq4dPrqULFW4yfFInTXmkAReHNKVgc49LfSYfrZTyj5ACxgNtELO5GRAgM NVGjXfzykOa/GtBTqf+Ob0gDa4mU9QQdRo4DV98cHlKIdZDV0zs= =qI59 -----END PGP SIGNATURE----- Merge tag 'wireless-2026-01-29' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless Johannes Berg says: ==================== Just one fix, for a parsing error in mac80211 that might result in a one byte out-of-bounds read. * tag 'wireless-2026-01-29' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless: wifi: mac80211: correctly decode TTLM with default link map ==================== Link: https://patch.msgid.link/20260129110403.178036-3-johannes@sipsolutions.net Signed-off-by: Paolo Abeni <pabeni@redhat.com>
This commit is contained in:
Paolo Abeni
commit
0858206732
1 changed files with 5 additions and 3 deletions
|
|
@ -8,7 +8,7 @@
|
|||
* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
|
||||
* Copyright 2013-2014 Intel Mobile Communications GmbH
|
||||
* Copyright (C) 2015 - 2017 Intel Deutschland GmbH
|
||||
* Copyright (C) 2018 - 2025 Intel Corporation
|
||||
* Copyright (C) 2018 - 2026 Intel Corporation
|
||||
*/
|
||||
|
||||
#include <linux/delay.h>
|
||||
|
|
@ -6190,8 +6190,10 @@ ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata,
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
link_map_presence = *pos;
|
||||
pos++;
|
||||
if (!(control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP)) {
|
||||
link_map_presence = *pos;
|
||||
pos++;
|
||||
}
|
||||
|
||||
if (control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT) {
|
||||
ttlm_info->switch_time = get_unaligned_le16(pos);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue