diff mbox series

[wireless,2/2] wifi: mac80211: fix vendor-specific inheritance

Message ID 20250221112451.fd71e5268840.I9db3e6a3367e6ff38d052d07dc07005f0dd3bd5c@changeid (mailing list archive)
State New
Delegated to: Johannes Berg
Headers show
Series [wireless,1/2] wifi: mac80211: fix MLE non-inheritance parsing | expand

Checks

Context Check Description
jmberg/fixes_present success Fixes tag present in non-next series
jmberg/series_format success Single patches do not need cover letters
jmberg/tree_selection success Clearly marked for wireless
jmberg/ynl success Generated files up to date; no warnings/errors; no diff in generated;
jmberg/build_clang success Errors and warnings before: 1 this patch: 1
jmberg/build_clang_rust success No Rust files in patch. Skipping build
jmberg/build_tools success No tools touched, skip
jmberg/cc_maintainers fail Link
jmberg/deprecated_api success None detected
jmberg/header_inline success No static functions without inline keyword in header files
jmberg/source_inline success Was 0 now: 0
jmberg/verify_fixes success Fixes tag looks correct
jmberg/check_selftest success No net selftest shell script
jmberg/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
jmberg/checkpatch success total: 0 errors, 0 warnings, 0 checks, 32 lines checked
jmberg/kdoc success Errors and warnings before: 0 this patch: 0
jmberg/build_32bit success Errors and warnings before: 0 this patch: 0
jmberg/verify_signedoff success Signed-off-by tag matches author and committer

Commit Message

Johannes Berg Feb. 21, 2025, 10:24 a.m. UTC 
From: Johannes Berg <johannes.berg@intel.com>

If there's any vendor-specific element in the subelements
then the outer element parsing must not parse any vendor
element at all. This isn't implemented correctly now due
to parsing into the pointers and then overriding them, so
explicitly skip vendor elements if any exist in the sub-
elements (non-transmitted profile or per-STA profile).

Fixes: 671042a4fb77 ("mac80211: support non-inheritance element")
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/mac80211/parse.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff mbox series

Patch

diff --git a/net/mac80211/parse.c b/net/mac80211/parse.c
index 3d5d6658fe8d..6da39c864f45 100644
--- a/net/mac80211/parse.c
+++ b/net/mac80211/parse.c
@@ -48,6 +48,7 @@  struct ieee80211_elems_parse {
 	const struct element *ml_epcs_elem;
 
 	bool multi_link_inner;
+	bool skip_vendor;
 
 	/*
 	 * scratch buffer that can be used for various element parsing related
@@ -400,6 +401,9 @@  _ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params,
 					IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
 			break;
 		case WLAN_EID_VENDOR_SPECIFIC:
+			if (elems_parse->skip_vendor)
+				break;
+
 			if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
 			    pos[2] == 0xf2) {
 				/* Microsoft OUI (00:50:F2) */
@@ -1054,12 +1058,16 @@  ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params)
 		multi_link_inner = true;
 	}
 
+	elems_parse->skip_vendor =
+		cfg80211_find_elem(WLAN_EID_VENDOR_SPECIFIC,
+				   sub.start, sub.len);
 	elems->crc = _ieee802_11_parse_elems_full(params, elems_parse,
 						  non_inherit);
 
 	/* Override with nontransmitted/per-STA profile if found */
 	if (sub.len) {
 		elems_parse->multi_link_inner = multi_link_inner;
+		elems_parse->skip_vendor = false;
 		_ieee802_11_parse_elems_full(&sub, elems_parse, NULL);
 	}