diff options
| author |   Paolo Abeni <pabeni@redhat.com> | 2022-10-13 13:19:41 +0200 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2022-10-13 13:19:41 +0200 |
| commit | ac85bc717cb5af334563c3622afd8fe543ca5fd5 (patch) | |
| tree | 29c6792f6011c9177c89e57402f1426d7e3af0d5 /drivers | |
| parent | net: phy: micrel: Fixes FIELD_GET assertion (diff) | |
| parent | Merge branch 'cve-fixes-2022-10-13' (diff) | |
| download | linux-dev-ac85bc717cb5af334563c3622afd8fe543ca5fd5.tar.xz linux-dev-ac85bc717cb5af334563c3622afd8fe543ca5fd5.zip | |
Merge tag 'wireless-2022-10-13' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless
Johannes Berg says:
====================
More wireless fixes for 6.1
This has only the fixes for the scan parsing issues.
* tag 'wireless-2022-10-13' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless:
wifi: cfg80211: update hidden BSSes to avoid WARN_ON
wifi: mac80211: fix crash in beacon protection for P2P-device
wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
wifi: cfg80211: avoid nontransmitted BSS list corruption
wifi: cfg80211: fix BSS refcounting bugs
wifi: cfg80211: ensure length byte is present before access
wifi: mac80211: fix MBSSID parsing use-after-free
wifi: cfg80211/mac80211: reject bad MBSSID elements
wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
====================
Link: https://lore.kernel.org/r/20221013100522.46346-1-johannes@sipsolutions.net
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/net/wireless/mac80211_hwsim.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index df51b5b1f171..a40636c90ec3 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -4973,6 +4973,8 @@ static int hwsim_cloned_frame_received_nl(struct sk_buff *skb_2, } rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]); + if (rx_status.rate_idx >= data2->hw->wiphy->bands[rx_status.band]->n_bitrates) + goto out; rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]); hdr = (void *)skb->data; |