mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-09 14:43:16 +00:00
nl80211: sanity check the channel switch counter value
The nl80211 channel switch count attribute (NL80211_ATTR_CH_SWITCH_COUNT) is specified as u32, but the specification uses u8 for the counter. To make sure strange things don't happen without informing the user, sanity check the value and return -EINVAL if it doesn't fit in u8. Signed-off-by: Luciano Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
parent
bc37b16870
commit
252e07ca5f
@ -5927,6 +5927,7 @@ static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
|
||||
int err;
|
||||
bool need_new_beacon = false;
|
||||
int len, i;
|
||||
u32 cs_count;
|
||||
|
||||
if (!rdev->ops->channel_switch ||
|
||||
!(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
|
||||
@ -5963,7 +5964,14 @@ static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
|
||||
if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
|
||||
return -EINVAL;
|
||||
|
||||
params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
|
||||
/* Even though the attribute is u32, the specification says
|
||||
* u8, so let's make sure we don't overflow.
|
||||
*/
|
||||
cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
|
||||
if (cs_count > 255)
|
||||
return -EINVAL;
|
||||
|
||||
params.count = cs_count;
|
||||
|
||||
if (!need_new_beacon)
|
||||
goto skip_beacons;
|
||||
|
Loading…
x
Reference in New Issue
Block a user