From 1946bed95707ef75d85e94ebe106ce7a119ca831 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 27 Mar 2013 14:31:53 +0100 Subject: mac80211: check ERP info IE length in parser It's always just one byte, so check for that and remove the length field from the parser struct. Signed-off-by: Johannes Berg --- net/mac80211/util.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'net/mac80211/util.c') diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 0f7d1c20f8ac..4839dec5c9ac 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -780,8 +780,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, elems->rsn_len = elen; break; case WLAN_EID_ERP_INFO: - elems->erp_info = pos; - elems->erp_info_len = elen; + if (elen >= 1) + elems->erp_info = pos; + else + elem_parse_failed = true; break; case WLAN_EID_EXT_SUPP_RATES: elems->ext_supp_rates = pos; -- cgit v1.2.3