wifi: ieee80211: fix erroneous NSTR bitmap size checks

The complete profile bit together with the NSTR link pair
present bit indicate whether or not the NSTR bitmap is,
the NSTR bitmap size just indicates how big it is.

Fixes: 7b6f08771bf6 ("wifi: ieee80211: Support validating ML station profile length")
Fixes: 5c1f97537bfb ("wifi: mac80211: store BSS param change count from assoc response")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index b4674158a4b970ea59f8b2f2d476ce85f24d4f28..ca76f88b4c4c2f69baad49b70e8f00264a9a5490 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -4848,7 +4848,7 @@ static inline bool ieee80211_mle_basic_sta_prof_size_ok(const u8 *data,
        if (control & IEEE80211_MLE_STA_CONTROL_DTIM_INFO_PRESENT)
                info_len += 2;
        if (control & IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE &&
-           control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE) {
+           control & IEEE80211_MLE_STA_CONTROL_NSTR_LINK_PAIR_PRESENT) {
                if (control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE)
                        info_len += 2;
                else
@@ -4887,7 +4887,7 @@ ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(const struct ieee80211_mle_per_sta
        if (control & IEEE80211_MLE_STA_CONTROL_DTIM_INFO_PRESENT)
                pos += 2;
        if (control & IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE &&
-           control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE) {
+           control & IEEE80211_MLE_STA_CONTROL_NSTR_LINK_PAIR_PRESENT) {
                if (control & IEEE80211_MLE_STA_CONTROL_NSTR_BITMAP_SIZE)
                        pos += 2;
                else