--- /dev/null
+From 9690fb169b433a66485c808e4fc352b8a0f8d866 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Wed, 24 Oct 2012 14:19:53 +0200
+Subject: mac80211: use blacklist for duplicate IE check
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit 9690fb169b433a66485c808e4fc352b8a0f8d866 upstream.
+
+Instead of the current whitelist which accepts duplicates
+only for the quiet and vendor IEs, use a blacklist of all
+IEs (that we currently parse) that can't be duplicated.
+
+This avoids detecting a beacon as corrupt in the future
+when new IEs are added that can be duplicated.
+
+Signed-off-by: Paul Stewart <pstew@chromium.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/util.c | 42 +++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 35 insertions(+), 7 deletions(-)
+
+--- a/net/mac80211/util.c
++++ b/net/mac80211/util.c
+@@ -637,13 +637,41 @@ u32 ieee802_11_parse_elems_crc(u8 *start
+ break;
+ }
+
+- if (id != WLAN_EID_VENDOR_SPECIFIC &&
+- id != WLAN_EID_QUIET &&
+- test_bit(id, seen_elems)) {
+- elems->parse_error = true;
+- left -= elen;
+- pos += elen;
+- continue;
++ switch (id) {
++ case WLAN_EID_SSID:
++ case WLAN_EID_SUPP_RATES:
++ case WLAN_EID_FH_PARAMS:
++ case WLAN_EID_DS_PARAMS:
++ case WLAN_EID_CF_PARAMS:
++ case WLAN_EID_TIM:
++ case WLAN_EID_IBSS_PARAMS:
++ case WLAN_EID_CHALLENGE:
++ case WLAN_EID_RSN:
++ case WLAN_EID_ERP_INFO:
++ case WLAN_EID_EXT_SUPP_RATES:
++ case WLAN_EID_HT_CAPABILITY:
++ case WLAN_EID_HT_OPERATION:
++ case WLAN_EID_VHT_CAPABILITY:
++ case WLAN_EID_VHT_OPERATION:
++ case WLAN_EID_MESH_ID:
++ case WLAN_EID_MESH_CONFIG:
++ case WLAN_EID_PEER_MGMT:
++ case WLAN_EID_PREQ:
++ case WLAN_EID_PREP:
++ case WLAN_EID_PERR:
++ case WLAN_EID_RANN:
++ case WLAN_EID_CHANNEL_SWITCH:
++ case WLAN_EID_EXT_CHANSWITCH_ANN:
++ case WLAN_EID_COUNTRY:
++ case WLAN_EID_PWR_CONSTRAINT:
++ case WLAN_EID_TIMEOUT_INTERVAL:
++ if (test_bit(id, seen_elems)) {
++ elems->parse_error = true;
++ left -= elen;
++ pos += elen;
++ continue;
++ }
++ break;
+ }
+
+ if (calc_crc && id < 64 && (filter & (1ULL << id)))