From 307c363964ec5a654325953a51b915af62e7a044 Mon Sep 17 00:00:00 2001 From: Pooventhiran G Date: Thu, 19 Jun 2025 00:35:09 +0530 Subject: [PATCH] AP MLD: Remove Link STA on Group KDE length check failure If accepting an add-request in Link Reconfiguration causes the Group KDE Length subfield to exceed max length, the request is rejected, but the link STA will already have been added to the kernel driver. Hence, remove the link STA on max length check failure. Fixes: 60b3884948c6 ("AP MLD: Validate Link Reconfiguration Request frame after parsing") Signed-off-by: Pooventhiran G --- src/ap/ieee802_11_eht.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/ap/ieee802_11_eht.c b/src/ap/ieee802_11_eht.c index ce228469f..19139f3f1 100644 --- a/src/ap/ieee802_11_eht.c +++ b/src/ap/ieee802_11_eht.c @@ -2434,9 +2434,9 @@ hostapd_validate_link_reconf_req(struct hostapd_data *hapd, struct sta_info *sta, struct link_reconf_req_list *req_list) { - struct hostapd_data *assoc_hapd; + struct hostapd_data *assoc_hapd, *lhapd; struct link_reconf_req_info *info; - struct sta_info *assoc_sta; + struct sta_info *assoc_sta, *lsta; struct mld_info *mld_info; u8 recovery_link; u16 valid_links = 0, links_add_ok = 0, links_del_ok = 0, status; @@ -2463,6 +2463,9 @@ hostapd_validate_link_reconf_req(struct hostapd_data *hapd, /* Check IEs for add-link STA profiles */ dl_list_for_each(info, &req_list->add_req, struct link_reconf_req_info, list) { + lhapd = NULL; + lsta = NULL; + wpa_printf(MSG_DEBUG, "MLD: Add Link Reconf STA for link id=%u status=%u", info->link_id, info->status); @@ -2498,6 +2501,14 @@ hostapd_validate_link_reconf_req(struct hostapd_data *hapd, LINK_RECONF_GROUP_KDE_MAX_LEN, info->link_id); status = WLAN_STATUS_UNSPECIFIED_FAILURE; + + lhapd = hostapd_mld_get_link_bss(hapd, info->link_id); + if (lhapd) + lsta = ap_get_sta(lhapd, + req_list->sta_mld_addr); + + if (lsta) + ap_free_sta(lhapd, lsta); } else { total_kde_len += link_kde_len; links_add_ok |= BIT(info->link_id); -- 2.47.3