From: Aditya Kumar Singh <quic_adisi@quicinc.com>
Date: Wed, 7 Aug 2024 04:18:37 +0000 (+0530)
Subject: nl80211: Sanitize link ID in mlme_event_ch_switch() for AP interface
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e33a55d31d61d0a6970e899d3774ea7835975766;p=thirdparty%2Fhostap.git

nl80211: Sanitize link ID in mlme_event_ch_switch() for AP interface

During channel switch handling for AP MLD, if link ID is incorrect,
there is no point in proceeding till end and failing or returning from
there. Hence sanitize it in the initial time itself and return if it is
incorrect. Throw a warning print if it is not correct as well.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
---

diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index abe90e984..aadefc7b7 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -1303,6 +1303,14 @@ static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv,
 			return;
 	}
 
+	if (link && is_ap_interface(drv->nlmode) &&
+	    !nl80211_link_valid(bss->valid_links, data.ch_switch.link_id)) {
+		wpa_printf(MSG_WARNING,
+			   "nl80211: Unknown link ID (%d) for channel switch (%s), ignoring",
+			   data.ch_switch.link_id, bss->ifname);
+		return;
+	}
+
 	drv->assoc_freq = data.ch_switch.freq;
 
 	wpa_supplicant_event(bss->ctx, finished ?