diff mbox series

[24/24] mac80211: Properly access radiotap vendor data

Message ID	20181215090325.31604-25-luca@coelho.fi (mailing list archive)
State	Accepted
Delegated to:	Johannes Berg
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Luca Coelho <luca@coelho.fi> To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Ilan Peer <ilan.peer@intel.com>, Luca Coelho <luciano.coelho@intel.com> Date: Sat, 15 Dec 2018 11:03:25 +0200 Message-Id: <20181215090325.31604-25-luca@coelho.fi> In-Reply-To: <20181215090325.31604-1-luca@coelho.fi> References: <20181215090325.31604-1-luca@coelho.fi> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [PATCH 24/24] mac80211: Properly access radiotap vendor data Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk
Series	cfg80211/mac80211 patches from our internal tree 2018-12-15 \| expand [00/24] cfg80211/mac80211 patches from our internal tree 2018-12-15 [01/24] mac80211: suspicious RCU usage fix [02/24] ieee80211: add bits for TWT in Extended Capabilities IE [03/24] mac80211: propagate the support for TWT to the driver [04/24] mac80211: update HE operation fields to D3.0 [05/24] mac80211: free skb fraglist before freeing the skb [06/24] mac80211: don't build AMSDU from GSO packets [07/24] mac80211: document RCU requirements for ieee80211_tx_dequeue() [08/24] mac80211: remove superfluous NULL check [09/24] mac80211: fix a kernel panic when TXing after TXQ teardown [10/24] mac80211: never pass NULL params to ieee80211_if_add() [11/24] mac80211: fix radiotap vendor presence bitmap handling [12/24] mac80211: ignore NullFunc frames in the duplicate detection [13/24] cfg80211: pmsr: fix MAC address setting [14/24] mac80211: update driver when MU EDCA params change [15/24] cfg80211: fix ieee80211_get_vht_max_nss() [16/24] mac80211: Properly handle SKB with radiotap only [17/24] cfg80211: Include the PMK and PMKID in NL80211_CMD_EXTERNAL_AUTH [18/24] mac80211: set STA flag DISABLE_HE if HE is not supported [19/24] mac80211: do not advertise HE cap IE if HE disabled [20/24] cfg80211: add some missing fall through annotations [21/24] nl80211: fix memory leak if validate_pae_over_nl80211() fails [22/24] cfg80211: clarify LCI/civic location documentation [23/24] mac80211: ftm responder: remove pointless defensive coding [24/24] mac80211: Properly access radiotap vendor data

Commit Message

Luca Coelho Dec. 15, 2018, 9:03 a.m. UTC

From: Ilan Peer <ilan.peer@intel.com>

The radiotap vendor data might be placed after some other
radiotap elements, and thus when accessing it, need to access
the correct offset in the skb data. Fix the code accordingly.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 net/mac80211/rx.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff mbox series

Patch

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 85c365fc7a0c..45aad3d3108c 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -762,8 +762,12 @@  ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
 	if (status->flag & RX_FLAG_RADIOTAP_HE_MU)
 		rtap_space += sizeof(struct ieee80211_radiotap_he_mu);
 
+	if (status->flag & RX_FLAG_RADIOTAP_LSIG)
+		rtap_space += sizeof(struct ieee80211_radiotap_lsig);
+
 	if (unlikely(status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA)) {
-		struct ieee80211_vendor_radiotap *rtap = (void *)origskb->data;
+		struct ieee80211_vendor_radiotap *rtap =
+			(void *)(origskb->data + rtap_space);
 
 		rtap_space += sizeof(*rtap) + rtap->len + rtap->pad;
 	}