From: Johannes Berg <johannes.berg@intel.com>
Date: Sat, 11 Dec 2021 19:10:24 +0000 (+0100)
Subject: mac80211: validate extended element ID is present
X-Git-Tag: baikal/mips/sdk6.1~6857^2~19^2~5
X-Git-Url: https://git.baikalelectronics.ru/sdk/?a=commitdiff_plain;h=9b071450df44dbf9849fdfda80a10d9b43544217;p=kernel.git

mac80211: validate extended element ID is present

Before attempting to parse an extended element, verify that
the extended element ID is present.

Fixes: 8888ba3bbf42 ("mac80211: add support for HE")
Reported-by: syzbot+59bdff68edce82e393b6@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20211211201023.f30a1b128c07.I5cacc176da94ba316877c6e10fe3ceec8b4dbd7d@changeid
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 43df2f0c5db9c..6c2934854d3ce 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -943,7 +943,12 @@ static void ieee80211_parse_extension_element(u32 *crc,
 					      struct ieee802_11_elems *elems)
 {
 	const void *data = elem->data + 1;
-	u8 len = elem->datalen - 1;
+	u8 len;
+
+	if (!elem->datalen)
+		return;
+
+	len = elem->datalen - 1;
 
 	switch (elem->data[0]) {
 	case WLAN_EID_EXT_HE_MU_EDCA: