git.ipfire.org Git - thirdparty/linux.git/commit

author	Masashi Honma <masashi.honma@gmail.com>
	Fri, 29 May 2026 23:09:47 +0000 (08:09 +0900)
committer	Johannes Berg <johannes.berg@intel.com>
	Wed, 3 Jun 2026 12:07:07 +0000 (14:07 +0200)
commit	d158e54476ea9667c33dfa2c8d87c7cc32b40f1b
tree	93d71965d0e83abd86480b551624720e847b09af	tree \| snapshot
parent	8b40b1d24a6099fe9fac8e207d4cb04ab5e0baae	commit \| diff

wifi: mac80211: Fix overread in PREP frame processing

When the AF flag is enabled, hwmp_prep_frame_process() overreads orig_addr
by 2 bytes. Since this occurs within the socket buffer, it does not read
across memory boundaries and therefore poses no security risk; however, we
will fix it as a precaution.

In this fix, a new function mesh_path_parse_reply_frame() is established to
separate the implementation of frame format validation and the check for
unsupported features. This is intended to facilitate future work when
implementing the currently unsupported parts.

Assisted-by: Claude:Sonnet 4.6
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Link: https://patch.msgid.link/20260529230952.124754-5-masashi.honma@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

include/linux/ieee80211-mesh.h		diff \| blob \| blame \| history
net/mac80211/mesh_hwmp.c		diff \| blob \| blame \| history
net/mac80211/parse.c		diff \| blob \| blame \| history