wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation - kernel

diff options

author	Veerendranath Jakkam <[email protected]>	2025-04-24 12:31:42 +0000
committer	Johannes Berg <[email protected]>	2025-05-06 19:04:40 +0000
commit	023c1f2f0609218103cbcb48e0104b144d4a16dc (patch)
tree	9d023b4d65ebccbe047a38da80d1417edae6c899 /net/unix/sysctl_net_unix.c
parent	Merge tag 'wireless-2025-04-24' of https://git.kernel.org/pub/scm/linux/kerne... (diff)
download	kernel-023c1f2f0609218103cbcb48e0104b144d4a16dc.tar.gz kernel-023c1f2f0609218103cbcb48e0104b144d4a16dc.zip

wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation

Currently during the multi-link element defragmentation process, the multi-link element length added to the total IEs length when calculating the length of remaining IEs after the multi-link element in cfg80211_defrag_mle(). This could lead to out-of-bounds access if the multi-link element or its corresponding fragment elements are the last elements in the IEs buffer. To address this issue, correctly calculate the remaining IEs length by deducting the multi-link element end offset from total IEs end offset. Cc: [email protected] Fixes: 2481b5da9c6b ("wifi: cfg80211: handle BSS data contained in ML probe responses") Signed-off-by: Veerendranath Jakkam <[email protected]> Link: https://patch.msgid.link/20250424-fix_mle_defragmentation_oob_access-v1-1-84412a1743fa@quicinc.com Signed-off-by: Johannes Berg <[email protected]>

Diffstat (limited to 'net/unix/sysctl_net_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: