Message ID | 20221125123657.44ab63af8fc7.Ib449c5f95120320db924edf5935133467eedc3d2@changeid (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Johannes Berg |
Headers | show |
Series | [1/2] wifi: cfg80211: fix buffer overflow in elem comparison | expand |
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index da752b0cc752..4d217798890a 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -330,7 +330,8 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, * determine if they are the same ie. */ if (tmp_old[0] == WLAN_EID_VENDOR_SPECIFIC) { - if (!memcmp(tmp_old + 2, tmp + 2, 5)) { + if (tmp_old[1] >= 5 && tmp[1] >= 5 && + !memcmp(tmp_old + 2, tmp + 2, 5)) { /* same vendor ie, copy from * subelement */