MLD: Defragment Reconfiguration Multi-Link element subelements

While parsing the Reconfiguration Multi-Link element, subelements
carried in the Multi-Link element were not defragmented. Fix this by
defragmenting the subelement before processing to avoid parsing issues.

Fixes: e5ea30feefa3 ("SME: MLD: Handle reconfiguration Multi-Link element")
Reviewed-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Pooventhiran G <quic_pooventh@quicinc.com>

diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 6c051ca42af005f3801c71f94df2d14c3cadf349..58adaf7449a76482d5f2145d0d950a520a16605f 100644 (file)
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -2064,7 +2064,19 @@ u16 wpa_bss_parse_reconf_ml_element(struct wpa_supplicant *wpa_s,
        len -= sizeof(*ml) + common_info->len;
 
        while (len >= 2 + sizeof(struct ieee80211_eht_per_sta_profile)) {
-               size_t sub_elem_len = *(pos + 1);
+               size_t sub_elem_len;
+               int num_frag_subelems;
+
+               num_frag_subelems =
+                       ieee802_11_defrag_mle_subelem(mlbuf, pos,
+                                                     &sub_elem_len);
+               if (num_frag_subelems < 0) {
+                       wpa_printf(MSG_DEBUG,
+                                  "MLD: Failed to parse MLE subelem");
+                       break;
+               }
+
+               len -= num_frag_subelems * 2;
 
                if (2 + sub_elem_len > len) {
                        wpa_printf(MSG_DEBUG,