From c6e37ed498f958254b5459253199e816b6bfc52f Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Mon, 20 Sep 2021 15:40:08 +0200
Subject: [PATCH] mac80211: move CRC into struct ieee802_11_elems
Git-commit: c6e37ed498f958254b5459253199e816b6bfc52f
Patch-mainline: v5.16-rc1
References: CVE-2022-42719 bsc#1204051
We're currently returning this value, but to prepare for
returning the allocated structure, move it into there.
Link: https://lore.kernel.org/r/20210920154009.479b8ebf999d.If0d4ba75ee38998dc3eeae25058aa748efcb2fc9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Takashi Iwai <tiwai@suse.de>
---
net/mac80211/ieee80211_i.h | 9 +++++----
net/mac80211/mlme.c | 9 +++++----
net/mac80211/util.c | 10 +++++-----
3 files changed, 15 insertions(+), 13 deletions(-)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1446,6 +1446,7 @@ struct ieee80211_csa_ie {
struct ieee802_11_elems {
const u8 *ie_start;
size_t total_len;
+ u32 crc;
/* pointers to IEs */
const struct ieee80211_tdls_lnkie *lnk_id;
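Review bot: The new `crc` member in `struct ieee802_11_elems` is added without a comment saying who writes it or when it is valid. Going by the util.c hunk, it is stored once, as the last statement of ieee802_11_parse_elems_crc(), so a reader of the struct cannot tell that it is a parse result rather than caller-supplied input. I would document it on the field, e.g. `u32 crc; /* written by ieee802_11_parse_elems_crc() on return, seeded from its crc argument */`. The struct definition continues outside this hunk.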
@@ -1954,10 +1955,10 @@ static inline void ieee80211_tx_skb(stru
ieee80211_tx_skb_tid(sdata, skb, 7);
}
-u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
- struct ieee802_11_elems *elems,
- u64 filter, u32 crc, u8 *transmitter_bssid,
- u8 *bss_bssid);
+void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
+ struct ieee802_11_elems *elems,
+ u64 filter, u32 crc, u8 *transmitter_bssid,
+ u8 *bss_bssid);
static inline void ieee802_11_parse_elems(const u8 *start, size_t len,
bool action,
struct ieee802_11_elems *elems,
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3889,10 +3889,11 @@ static void ieee80211_rx_mgmt_beacon(str
ieee80211_sta_reset_beacon_monitor(sdata);
ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
- ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
- len - baselen, false, &elems,
- care_about_ies, ncrc,
- mgmt->bssid, bssid);
+ ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
+ len - baselen, false, &elems,
+ care_about_ies, ncrc,
+ mgmt->bssid, bssid);
+ ncrc = elems.crc;
if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
ieee80211_check_tim(elems.tim, elems.tim_len, ifmgd->aid)) {
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1326,10 +1326,10 @@ static size_t ieee802_11_find_bssid_prof
return found ? profile_len : 0;
}
-u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
- struct ieee802_11_elems *elems,
- u64 filter, u32 crc, u8 *transmitter_bssid,
- u8 *bss_bssid)
+void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
+ struct ieee802_11_elems *elems,
+ u64 filter, u32 crc, u8 *transmitter_bssid,
+ u8 *bss_bssid)
{
const struct element *non_inherit = NULL;
u8 *nontransmitted_profile;
@@ -1381,7 +1381,7 @@ u32 ieee802_11_parse_elems_crc(const u8
kfree(nontransmitted_profile);
- return crc;
+ elems->crc = crc;
}
void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata,
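Review bot: `kfree(nontransmitted_profile)` still runs just before the function hands `elems` back, so any `elems` pointer that was filled from that buffer would dangle in the caller; the parsing between the two util.c hunks is not shown, so this needs confirming against the full function. Callers do read `elems` fields after the call, as the mlme.c hunk does with `elems.tim`. The References line cites CVE-2022-42719 and the description calls this a preparatory step, so the buffer lifetime is presumably fixed by a later patch in the series, and this one should not be treated as the fix when backported alone. A comment at the free site would make that visible, e.g. `/* FIXME: elems may still reference nontransmitted_profile; its lifetime must follow elems */`. Separately, with the return type now `void`, check that no return path in the unseen part of the body skips `elems->crc = crc;`.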