From 60375541f7c8a577b977d344565259776c3acfc1 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 17 Apr 2009 00:54:23 +0200 Subject: mac80211: validate TIM IE length The TIM IE must not be shorter than 4 bytes, so verify that when parsing it. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index dc60804..1619e0c 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -441,6 +441,9 @@ static bool ieee80211_check_tim(struct ieee802_11_elems *elems, u16 aid) u8 index, indexn1, indexn2; struct ieee80211_tim_ie *tim = (struct ieee80211_tim_ie *) elems->tim; + if (unlikely(!tim || elems->tim_len < 4)) + return false; + aid &= 0x3fff; index = aid / 8; mask = 1 << (aid & 7); -- cgit v0.10.2