Re: [PATCH v3 1/2] wifi: cw1200: Avoid processing an invalid TIM IE

From: Kalle Valo
Date: Mon Sep 18 2023 - 13:02:39 EST


Jeff Johnson <quic_jjohnson@xxxxxxxxxxx> wrote:

> While converting struct ieee80211_tim_ie::virtual_map to be a flexible
> array it was observed that the TIM IE processing in cw1200_rx_cb()
> could potentially process a malformed IE in a manner that could result
> in a buffer over-read. Add logic to verify that the TIM IE length is
> large enough to hold a valid TIM payload before processing it.
>
> Signed-off-by: Jeff Johnson <quic_jjohnson@xxxxxxxxxxx>

Patch applied to wireless-next.git, thanks.

b7bcea9c27b3 wifi: cw1200: Avoid processing an invalid TIM IE

--
https://patchwork.kernel.org/project/linux-wireless/patch/20230831-ieee80211_tim_ie-v3-1-e10ff584ab5d@xxxxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
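
The kind of length check the quoted commit message describes, as an added userspace example; it is not the patch and not code from the cw1200 driver. `parse_tim`, `struct tim_info` and the sample byte arrays are hypothetical names constructed for illustration, and the 4-octet minimum (three fixed fields plus one bitmap octet) is this example's assumption about what counts as a valid TIM payload.

```c
#include <stddef.h>
#include <stdint.h>

#define EID_TIM     5  /* 802.11 element ID of the TIM element */
#define TIM_MIN_LEN 4  /* assumed minimum: count, period, bitmap ctrl, 1 map octet */

struct tim_info {
    uint8_t dtim_count, dtim_period, bitmap_ctrl;
    const uint8_t *virtual_map;   /* points into the caller's buffer */
    size_t virtual_map_len;
};

/* Walk id/len/value elements; return 0 and fill *out for a valid TIM, else -1. */
int parse_tim(const uint8_t *ies, size_t len, struct tim_info *out)
{
    size_t pos = 0;

    while (len - pos >= 2) {
        uint8_t id = ies[pos];
        uint8_t elen = ies[pos + 1];
        const uint8_t *body = ies + pos + 2;

        if (elen > len - pos - 2)
            return -1;            /* element claims more bytes than the frame has */
        if (id == EID_TIM) {
            if (elen < TIM_MIN_LEN)
                return -1;        /* too short: reading the fields would over-read */
            out->dtim_count = body[0];
            out->dtim_period = body[1];
            out->bitmap_ctrl = body[2];
            out->virtual_map = body + 3;
            out->virtual_map_len = elen - 3u;
            return 0;
        }
        pos += 2 + (size_t)elen;
    }
    return -1;                    /* no TIM element present */
}

/* Constructed sample element lists (not captured traffic). */
static const uint8_t ies_ok[]    = {0, 3, 'a', 'b', 'c', 5, 4, 1, 3, 0, 0x02};
static const uint8_t ies_short[] = {5, 2, 1, 3};  /* TIM with only 2 payload octets */
static const uint8_t ies_trunc[] = {5, 4, 1, 3};  /* length 4 but frame ends early */

int main(void)
{
    struct tim_info t;
    return !(parse_tim(ies_ok, sizeof(ies_ok), &t) == 0 &&
             parse_tim(ies_short, sizeof(ies_short), &t) == -1 &&
             parse_tim(ies_trunc, sizeof(ies_trunc), &t) == -1);
}
```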