wifi: ieee80211: fix erroneous NSTR bitmap size checks

The complete profile bit together with the NSTR link pair
present bit indicate whether or not the NSTR bitmap is,
the NSTR bitmap size just indicates how big it is.

Fixes: 7b6f08771bf6 ("wifi: ieee80211: Support validating ML station profile length")
Fixes: 5c1f97537bfb ("wifi: mac80211: store BSS param change count from assoc response")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 6f1747a..4b99809 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -4920,7 +4920,7 @@ static inline bool ieee80211_mle_basic_sta_prof_size_ok(const u8 *data,
        if (control & IEEE80211_MLE_STA_CONTROL_DTIM_INFO_PRESENT)
                info_len += 2;
        if (control & IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE &&
-           control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE) {
+           control & IEEE80211_MLE_STA_CONTROL_NSTR_LINK_PAIR_PRESENT) {
                if (control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE)
                        info_len += 2;
                else
@@ -4959,7 +4959,7 @@ ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(const struct ieee80211_mle_per_sta
        if (control & IEEE80211_MLE_STA_CONTROL_DTIM_INFO_PRESENT)
                pos += 2;
        if (control & IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE &&
-           control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE) {
+           control & IEEE80211_MLE_STA_CONTROL_NSTR_LINK_PAIR_PRESENT) {
                if (control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE)
                        pos += 2;
                else