From 03e7e493f1a3697eba115f3f69e296f7e47500ee Mon Sep 17 00:00:00 2001
From: Benjamin Berg <benjamin.berg@intel.com>
Date: Fri, 16 Jun 2023 09:54:02 +0300
Subject: wifi: cfg80211: ignore invalid TBTT info field types

The TBTT information field type must be zero. This is only changed in
the 802.11be draft specification where the value 1 is used to indicate
that only the MLD parameters are included.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230616094949.7865606ffe94.I7ff28afb875d1b4c39acd497df8490a7d3628e3f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/wireless/scan.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'net/wireless')

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index d9abbf123ad1..2212e6d24204 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -629,6 +629,13 @@ static int cfg80211_parse_colocated_ap(const struct cfg80211_bss_ies *ies,
 		if (end - pos < count * length)
 			break;
 
+		if (u8_get_bits(ap_info->tbtt_info_hdr,
+				IEEE80211_AP_INFO_TBTT_HDR_TYPE) !=
+		    IEEE80211_TBTT_INFO_TYPE_TBTT) {
+			pos += count * length;
+			continue;
+		}
+
 		/*
 		 * TBTT info must include bss param + BSSID +
 		 * (short SSID or same_ssid bit to be set).
-- 
cgit v1.2.3