[PATCH 5.17 136/158] nl80211: validate S1G channel width
From: Greg Kroah-Hartman
Date: Mon May 23 2022 - 14:08:57 EST
From: Kieran Frewen <kieran.frewen@xxxxxxxxxxxxxx>
[ Upstream commit 5d087aa759eb82b8208411913f6c2158bd85abc0 ]
Validate the S1G channel width input by user to ensure it matches
that of the requested channel
Signed-off-by: Kieran Frewen <kieran.frewen@xxxxxxxxxxxxxx>
Signed-off-by: Bassem Dawood <bassem@xxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20220420041321.3788789-2-kieran.frewen@xxxxxxxxxxxxxx
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
net/wireless/nl80211.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index dc171ca0d1b1..06a35f1bec23 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3128,6 +3128,15 @@ int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
chandef->width =
nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
+ if (chandef->chan->band == NL80211_BAND_S1GHZ) {
+ /* User input error for channel width doesn't match channel */
+ if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) {
+ NL_SET_ERR_MSG_ATTR(extack,
+ attrs[NL80211_ATTR_CHANNEL_WIDTH],
+ "bad channel width");
+ return -EINVAL;
+ }
+ }
if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
chandef->center_freq1 =
nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
--
2.35.1