| commit | 1eab33aa63c993685dd341e03bd5b267dd7403fa | [log] [tgz] |
|---|---|---|
| author | Benjamin Berg <benjamin.berg@intel.com> | Thu Jan 29 11:33:50 2026 +0100 |
| committer | Johannes Berg <johannes.berg@intel.com> | Thu Jan 29 11:46:43 2026 +0100 |
| tree | 155c108be02d04f9eabbd073f8061c41ea7c4d4b | |
| parent | 0a80e38d0fe1fe7b59c1e93ad908c4148a15926a [diff] |
wifi: mac80211: correctly decode TTLM with default link map TID-To-Link Mapping (TTLM) elements do not contain any link mapping presence indicator if a default mapping is used and parsing needs to be skipped. Note that access points should not explicitly report an advertised TTLM with a default mapping as that is the implied mapping if the element is not included, this is even the case when switching back to the default mapping. However, mac80211 would incorrectly parse the frame and would also read one byte beyond the end of the element. Reported-by: Ruikai Peng <ruikai@pwno.io> Closes: https://lore.kernel.org/linux-wireless/CAFD3drMqc9YWvTCSHLyP89AOpBZsHdZ+pak6zVftYoZcUyF7gw@mail.gmail.com Fixes: 702e80470a33 ("wifi: mac80211: support handling of advertised TID-to-link mapping") Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Link: https://patch.msgid.link/20260129113349.d6b96f12c732.I69212a50f0f70db185edd3abefb6f04d3cb3e5ff@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>