From 90a3b88be2d77347825975a7d3429535a101516c Mon Sep 17 00:00:00 2001
From: Pooventhiran G <quic_pooventh@quicinc.com>
Date: Fri, 11 Apr 2025 16:58:36 +0530
Subject: [PATCH] MLD: Defragment Reconfiguration Multi-Link element
 subelements

While parsing the Reconfiguration Multi-Link element, subelements
carried in the Multi-Link element were not defragmented. Fix this by
defragmenting the subelement before processing to avoid parsing issues.

Fixes: e5ea30feefa3 ("SME: MLD: Handle reconfiguration Multi-Link element")
Reviewed-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Pooventhiran G <quic_pooventh@quicinc.com>
---
 wpa_supplicant/bss.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 6c051ca42..58adaf744 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -2064,7 +2064,19 @@ u16 wpa_bss_parse_reconf_ml_element(struct wpa_supplicant *wpa_s,
 	len -= sizeof(*ml) + common_info->len;
 
 	while (len >= 2 + sizeof(struct ieee80211_eht_per_sta_profile)) {
-		size_t sub_elem_len = *(pos + 1);
+		size_t sub_elem_len;
+		int num_frag_subelems;
+
+		num_frag_subelems =
+			ieee802_11_defrag_mle_subelem(mlbuf, pos,
+						      &sub_elem_len);
+		if (num_frag_subelems < 0) {
+			wpa_printf(MSG_DEBUG,
+				   "MLD: Failed to parse MLE subelem");
+			break;
+		}
+
+		len -= num_frag_subelems * 2;
 
 		if (2 + sub_elem_len > len) {
 			wpa_printf(MSG_DEBUG,
-- 
2.47.2