• B
    mwifiex: Don't abort on small, spec-compliant vendor IEs · bb902b6c
    Brian Norris 提交于
    commit 63d7ef36103d26f20325a921ecc96a3288560146 upstream.
    
    Per the 802.11 specification, vendor IEs are (at minimum) only required
    to contain an OUI. A type field is also included in ieee80211.h (struct
    ieee80211_vendor_ie) but doesn't appear in the specification. The
    remaining fields (subtype, version) are a convention used in WMM
    headers.
    
    Thus, we should not reject vendor-specific IEs that have only the
    minimum length (3 bytes) -- we should skip over them (since we only want
    to match longer IEs, that match either WMM or WPA formats). We can
    reject elements that don't have the minimum-required 3 byte OUI.
    
    While we're at it, move the non-standard subtype and version fields into
    the WMM structs, to avoid this confusion in the future about generic
    "vendor header" attributes.
    
    Fixes: 685c9b7750bf ("mwifiex: Abort at too short BSS descriptor element")
    Cc: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: NBrian Norris <briannorris@chromium.org>
    Reviewed-by: NTakashi Iwai <tiwai@suse.de>
    Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
    Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    bb902b6c
sta_ioctl.c 39.6 KB