Commit 3adc05c4 authored by Johannes Berg's avatar Johannes Berg Committed by Dong Chenchen
Browse files

wifi: cfg80211: check A-MSDU format more carefully 

mainline inclusion
from mainline-v6.9-rc1
commit 9ad7974856926129f190ffbe3beea78460b3b7cc
category: bugfix
bugzilla: 190054, https://gitee.com/src-openeuler/kernel/issues/I9QGJD
CVE: CVE-2024-35937

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9ad7974856926129f190ffbe3beea78460b3b7cc



--------------------------------

If it looks like there's another subframe in the A-MSDU
but the header isn't fully there, we can end up reading
data out of bounds, only to discard later. Make this a
bit more careful and check if the subframe header can
even be present.

Reported-by: default avatar <syzbot+d050d437fe47d479d210@syzkaller.appspotmail.com>
Link: https://msgid.link/20240226203405.a731e2c95e38.I82ce7d8c0cc8970ce29d0a39fdc07f1ffc425be4@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Conflicts:
	net/wireless/util.c
[ieee80211_is_valid_amsdu() isnt implemented in the
current version for commit 6e4c0d04 not merged.
commit 9f718554 and 986e43b1 wasnt merged,
which lead to context conflicts]
Signed-off-by: default avatarDong Chenchen <dongchenchen2@huawei.com>
parent 0a378cfa
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment