From: Benjamin Berg <benjamin.berg@intel.com>
Date: Sun, 1 Sep 2024 16:31:33 +0000 (+0300)
Subject: BSS: MLD: Limit TBTT parsing to correct length
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=26273daef2781882fb6b469f1009ccf363d4f055;p=thirdparty%2Fhostap.git

BSS: MLD: Limit TBTT parsing to correct length

Logically, it makes more sense to pass the ap_info_len as that is the
length that the function is permitted to process. Effectively it does
not make a difference and the code was entirely safe, but change it
nontheless to be more correct.

Fixes: de5e01010cb2 ("wpa_supplicant: Support ML probe request")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
---

diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 2bf97652d..aac5f0362 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -1823,8 +1823,8 @@ int wpa_bss_parse_basic_ml_element(struct wpa_supplicant *wpa_s,
 				goto out;
 
 			wpa_bss_parse_ml_rnr_ap_info(wpa_s, bss, mbssid_idx,
-						     ap_info, len, &seen,
-						     &missing, ssid);
+						     ap_info, ap_info_len,
+						     &seen, &missing, ssid);
 
 			pos += ap_info_len;
 			len -= ap_info_len;