From: Johannes Berg johannes.berg@intel.com
[ Upstream commit 1177aaa7fe9373c762cd5bf5f5de8517bac989d5 ]
The subelements obviously start after the common data, including the common multi-link element structure definition itself. This bug was possibly just hidden by the higher bits of the control being set to 0, so the iteration just found one bogus element and most of the code could continue anyway.
Fixes: 0f48b8b88aa9 ("wifi: ieee80211: add definitions for multi-link element") Signed-off-by: Johannes Berg johannes.berg@intel.com Signed-off-by: Sasha Levin sashal@kernel.org --- include/linux/ieee80211.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 79690938d9a2..d3088666f3f4 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -4594,7 +4594,7 @@ static inline u8 ieee80211_mle_common_size(const u8 *data) return 0; }
- return common + mle->variable[0]; + return sizeof(*mle) + common + mle->variable[0]; }
/**