Commit 43125539 authored by Johannes Berg's avatar Johannes Berg
Browse files

wifi: cfg80211: fix off-by-one in element defrag 



If a fragment is the last element, it's erroneously not
accepted. Fix that.

Fixes: f837a653 ("wifi: cfg80211: add element defragmentation helper")
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarGregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230827135854.adca9fbd3317.I6b2df45eb71513f3e48efd196ae3cddec362dc1c@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent a469a593

net/wireless/scan.c

+2 −2
Original line number Diff line number Diff line
@@ -2354,8 +2354,8 @@ ssize_t cfg80211_defragment_element(const struct element *elem, const u8 *ies, 


	/* elem might be invalid after the memmove */

	next = (void *)(elem->data + elem->datalen);



	elem_datalen = elem->datalen;



	if (elem->id == WLAN_EID_EXTENSION) {

		copied = elem->datalen - 1;

		if (copied > data_len)
@@ -2376,7 +2376,7 @@ ssize_t cfg80211_defragment_element(const struct element *elem, const u8 *ies, 


	for (elem = next;

	     elem->data < ies + ieslen &&

		elem->data + elem->datalen < ies + ieslen;

		elem->data + elem->datalen <= ies + ieslen;

	     elem = next) {

		/* elem might be invalid after the memmove */

		next = (void *)(elem->data + elem->datalen);