Add an explicit check for MLE subelement defragmentation

While the ieee802_11_defrag_mle_subelem() checks that the subelements
are present, an explicit check for the length in the caller makes this
more obvious.

Signed-off-by: Bruno Kremp <bruno.kremp@sony.com>

diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 5bcab11df7ccc0fe7c6faed1ae4d1b1b4bbadd44..387c417a6eb925a00f8dafc7ebc12af3fd5203c1 100644 (file)
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -1042,7 +1042,8 @@ ParseRes ieee802_11_parse_link_assoc_req(struct ieee802_11_elems *elems,
                                   "MLD: Failed to parse MLE subelem");
                        goto out;
                }
-
+               if ((size_t) num_frag_subelems * 2 > len)
+                       goto out;
                len -= num_frag_subelems * 2;
 
                wpa_printf(MSG_DEBUG,