Commit 7b6f0877 authored by Ilan Peer's avatar Ilan Peer Committed by Johannes Berg
Browse files

wifi: ieee80211: Support validating ML station profile length 



Add a function to validate EHT Multi-Link per station profile length.

Signed-off-by: default avatarIlan Peer <ilan.peer@intel.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 53ad07e9

include/linux/ieee80211.h

+40 −0
Original line number Diff line number Diff line
@@ -4685,6 +4685,46 @@ struct ieee80211_mle_per_sta_profile { 
	u8 variable[];

} __packed;



/**

 * ieee80211_mle_sta_prof_size_ok - validate multi-link element sta profile size

 * @data: pointer to the sub element data

 * @len: length of the containing sub element

 */

static inline bool ieee80211_mle_sta_prof_size_ok(const u8 *data, size_t len)

{

	const struct ieee80211_mle_per_sta_profile *prof = (const void *)data;

	u16 control;

	u8 fixed = sizeof(*prof);

	u8 info_len = 1;



	if (len < fixed)

		return false;



	control = le16_to_cpu(prof->control);



	if (control & IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT)

		info_len += 6;

	if (control & IEEE80211_MLE_STA_CONTROL_BEACON_INT_PRESENT)

		info_len += 2;

	if (control & IEEE80211_MLE_STA_CONTROL_TSF_OFFS_PRESENT)

		info_len += 8;

	if (control & IEEE80211_MLE_STA_CONTROL_DTIM_INFO_PRESENT)

		info_len += 2;

	if (control & IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT)

		info_len += 1;



	if (control & IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE &&

	    control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE) {

		if (control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE)

			info_len += 2;

		else

			info_len += 1;

	}



	return prof->sta_info_len >= info_len &&

	       fixed + prof->sta_info_len <= len;

}



#define for_each_mle_subelement(_elem, _data, _len)			\

	if (ieee80211_mle_size_ok(_data, _len))				\

		for_each_element(_elem,					\