Skip to content

Commit

Permalink
mac80211: fix IBSS presp allocation size
Browse files Browse the repository at this point in the history 
When VHT IBSS support was added, the size of the extra elements
wasn't considered in ieee80211_ibss_build_presp(), which makes
it possible that it would overrun the allocated buffer. Fix it
by allocating the necessary space.

Fixes: abcff6e ("mac80211: add VHT support for IBSS")
Reported-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  • Loading branch information
Johannes Berg committed May 8, 2017
1 parent 4954601 commit f1f3e9e
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions net/mac80211/ibss.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,8 @@ ieee80211_ibss_build_presp(struct ieee80211_sub_if_data *sdata,
2 + (IEEE80211_MAX_SUPP_RATES - 8) +
2 + sizeof(struct ieee80211_ht_cap) +
2 + sizeof(struct ieee80211_ht_operation) +
2 + sizeof(struct ieee80211_vht_cap) +
2 + sizeof(struct ieee80211_vht_operation) +
ifibss->ie_len;
presp = kzalloc(sizeof(*presp) + frame_len, GFP_KERNEL);
if (!presp)
Expand Down

0 comments on commit f1f3e9e

Please sign in to comment.