From: Johannes Berg Date: Thu, 27 Apr 2017 07:13:38 +0000 (+0200) Subject: nl80211: correctly validate MU-MIMO groups X-Git-Tag: v4.14-rc1~943^2~9^2~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4954601f821bb5afd4dd59b57bf801adf4924bbd;p=platform%2Fkernel%2Flinux-rpi.git nl80211: correctly validate MU-MIMO groups Since groups 0 and 63 are invalid, we should check for those bits. Note that the 802.11 spec specifies the *bit* order, but the CPU doesn't care about bit order since it can't address bits, so it's always treating BIT(0) as the lowest bit within a byte. Reported-by: Jan Fuchs Signed-off-by: Johannes Berg --- diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 570fc95dc507..c3bc9da30cff 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -2764,8 +2764,8 @@ static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev, nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]); /* bits 0 and 63 are reserved and must be zero */ - if ((mumimo_groups[0] & BIT(7)) || - (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(0))) + if ((mumimo_groups[0] & BIT(0)) || + (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7))) return -EINVAL; params->vht_mumimo_groups = mumimo_groups;