summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net/mac80211/ieee80211_i.h1
-rw-r--r--net/mac80211/mlme.c3
-rw-r--r--net/mac80211/util.c5
3 files changed, 8 insertions, 1 deletions
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index f5fe659a1efd..e11297b4dc63 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1671,6 +1671,7 @@ enum ieee80211_elems_parse_error {
IEEE80211_PARSE_ERR_DUP_ELEM = BIT(1),
IEEE80211_PARSE_ERR_BAD_ELEM_SIZE = BIT(2),
IEEE80211_PARSE_ERR_UNEXPECTED_ELEM = BIT(3),
+ IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC = BIT(4),
};
/* Parsed Information Elements */
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 35dda5982854..9a0331d914d3 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -4304,7 +4304,8 @@ static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
link->u.mgd.bss_param_ch_cnt =
ieee80211_mle_get_bss_param_ch_cnt(elems->ml_basic);
}
- } else if (!elems->prof ||
+ } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC ||
+ !elems->prof ||
!(elems->prof->control & prof_bss_param_ch_present)) {
ret = false;
goto out;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index c1fa762f0cba..d85a9c5cde26 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1012,6 +1012,11 @@ ieee80211_parse_extension_element(u32 *crc,
switch (le16_get_bits(mle->control,
IEEE80211_ML_CONTROL_TYPE)) {
case IEEE80211_ML_CONTROL_TYPE_BASIC:
+ if (elems->ml_basic) {
+ elems->parse_error |=
+ IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC;
+ break;
+ }
elems->ml_basic_elem = (void *)elem;
elems->ml_basic = data;
elems->ml_basic_len = len;
generated by cgit v1.2.3-58-ga151 (git 2.39.0) at 2024-11-25 01:18:27 +0000