wifi: mt76: mt7915: check the correctness of event data

author Ryder Lee <ryder.lee@mediatek.com>

Sat, 3 Dec 2022 21:33:19 +0000 (05:33 +0800)

committer Felix Fietkau <nbd@nbd.name>

Fri, 9 Dec 2022 15:45:39 +0000 (16:45 +0100)
author Ryder Lee <ryder.lee@mediatek.com>
Sat, 3 Dec 2022 21:33:19 +0000 (05:33 +0800)
committer Felix Fietkau <nbd@nbd.name>
Fri, 9 Dec 2022 15:45:39 +0000 (16:45 +0100)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c

index 86ec767..37a3c1f 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
@@ -232,8 +232,11 @@ mt7915_mcu_rx_csa_notify(struct mt7915_dev *dev, struct sk_buff *skb)
  
         c = (struct mt7915_mcu_csa_notify *)skb->data;
  
+       if (c->band_idx > MT_BAND1)
+               return;
+
         if ((c->band_idx && !dev->phy.mt76->band_idx) &&
-            dev->mt76.phys[MT_BAND1])
+           dev->mt76.phys[MT_BAND1])
                 mphy = dev->mt76.phys[MT_BAND1];
  
         ieee80211_iterate_active_interfaces_atomic(mphy->hw,
@@ -252,8 +255,11 @@ mt7915_mcu_rx_thermal_notify(struct mt7915_dev *dev, struct sk_buff *skb)
         if (t->ctrl.ctrl_id != THERMAL_PROTECT_ENABLE)
                 return;
  
+       if (t->ctrl.band_idx > MT_BAND1)
+               return;
+
         if ((t->ctrl.band_idx && !dev->phy.mt76->band_idx) &&
-            dev->mt76.phys[MT_BAND1])
+           dev->mt76.phys[MT_BAND1])
                 mphy = dev->mt76.phys[MT_BAND1];
  
         phy = (struct mt7915_phy *)mphy->priv;
@@ -268,8 +274,11 @@ mt7915_mcu_rx_radar_detected(struct mt7915_dev *dev, struct sk_buff *skb)
  
         r = (struct mt7915_mcu_rdd_report *)skb->data;
  
+       if (r->band_idx > MT_BAND1)
+               return;
+
         if ((r->band_idx && !dev->phy.mt76->band_idx) &&
-            dev->mt76.phys[MT_BAND1])
+           dev->mt76.phys[MT_BAND1])
                 mphy = dev->mt76.phys[MT_BAND1];
  
         if (r->band_idx == MT_RX_SEL2)
@@ -326,7 +335,11 @@ mt7915_mcu_rx_bcc_notify(struct mt7915_dev *dev, struct sk_buff *skb)
  
         b = (struct mt7915_mcu_bcc_notify *)skb->data;
  
-       if ((b->band_idx && !dev->phy.mt76->band_idx) && dev->mt76.phys[MT_BAND1])
+       if (b->band_idx > MT_BAND1)
+               return;
+
+       if ((b->band_idx && !dev->phy.mt76->band_idx) &&
+           dev->mt76.phys[MT_BAND1])
                 mphy = dev->mt76.phys[MT_BAND1];
  
         ieee80211_iterate_active_interfaces_atomic(mphy->hw,
author	Ryder Lee <ryder.lee@mediatek.com>
	Sat, 3 Dec 2022 21:33:19 +0000 (05:33 +0800)
committer	Felix Fietkau <nbd@nbd.name>
	Fri, 9 Dec 2022 15:45:39 +0000 (16:45 +0100)