diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2024-01-29 20:06:54 +0100 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2024-02-08 15:00:43 +0100 |
| commit | a57944d1ee8bf29cbdf7d6b8e9579d88bf912c3e (patch) | |
| tree | 87093407c70a8e67a580926f99ffeb6db9a0eaf3 /net/mac80211 | |
| parent | 3552a22880eed3e834a33d02aec6800974bb42b4 (diff) | |
| download | linux-a57944d1ee8bf29cbdf7d6b8e9579d88bf912c3e.tar.gz | |
wifi: mac80211: disallow basic multi-link element in per-STA profile
There really shouldn't be a basic multi-link element in any
per-STA profile in an association response, it's not clear
what that would really mean. Refuse connecting in this case
since the AP isn't following the spec.
Link: https://msgid.link/20240129200652.23f1e3b337f1.Idd2e43cdbfe3ba15b3e9b8aeb54c8115587177a0@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
| -rw-r--r-- | net/mac80211/ieee80211_i.h | 1 | ||||
| -rw-r--r-- | net/mac80211/mlme.c | 3 | ||||
| -rw-r--r-- | net/mac80211/util.c | 5 |
3 files changed, 8 insertions, 1 deletions
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index f5fe659a1efd2..e11297b4dc635 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1671,6 +1671,7 @@ enum ieee80211_elems_parse_error { IEEE80211_PARSE_ERR_DUP_ELEM = BIT(1), IEEE80211_PARSE_ERR_BAD_ELEM_SIZE = BIT(2), IEEE80211_PARSE_ERR_UNEXPECTED_ELEM = BIT(3), + IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC = BIT(4), }; /* Parsed Information Elements */ diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 35dda59828540..9a0331d914d3f 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -4304,7 +4304,8 @@ static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link, link->u.mgd.bss_param_ch_cnt = ieee80211_mle_get_bss_param_ch_cnt(elems->ml_basic); } - } else if (!elems->prof || + } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC || + !elems->prof || !(elems->prof->control & prof_bss_param_ch_present)) { ret = false; goto out; diff --git a/net/mac80211/util.c b/net/mac80211/util.c index c1fa762f0cbab..d85a9c5cde267 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -1012,6 +1012,11 @@ ieee80211_parse_extension_element(u32 *crc, switch (le16_get_bits(mle->control, IEEE80211_ML_CONTROL_TYPE)) { case IEEE80211_ML_CONTROL_TYPE_BASIC: + if (elems->ml_basic) { + elems->parse_error |= + IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC; + break; + } elems->ml_basic_elem = (void *)elem; elems->ml_basic = data; elems->ml_basic_len = len; |