mac80211: parse only HE capability elements with valid size

The code validates the HE capability element size later,
but slightly wrong, so use the new helper to do it right
and only accept it if it has a good size.

Link: https://lore.kernel.org/r/20220214172920.b5b06f264a61.I645ac1e2dc0ace223ef3e551cd5a71c88bd55e04@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index abc29df..1a8e187 100644 (file)
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -973,8 +973,10 @@ static void ieee80211_parse_extension_element(u32 *crc,
                }
                break;
        case WLAN_EID_EXT_HE_CAPABILITY:
-               elems->he_cap = data;
-               elems->he_cap_len = len;
+               if (ieee80211_he_capa_size_ok(data, len)) {
+                       elems->he_cap = data;
+                       elems->he_cap_len = len;
+               }
                break;
        case WLAN_EID_EXT_HE_OPERATION:
                if (len >= sizeof(*elems->he_operation) &&