From: Ilan Peer <ilan.peer@intel.com>
Date: Sat, 15 Dec 2018 09:03:25 +0000 (+0200)
Subject: mac80211: Properly access radiotap vendor data
X-Git-Tag: Ubuntu-5.4-5.4.0-11.14~3867^2~46^2
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=d359bbce0601c6a19203a4b813a7e3910fcba282;p=mirror_ubuntu-focal-kernel.git

mac80211: Properly access radiotap vendor data

The radiotap vendor data might be placed after some other
radiotap elements, and thus when accessing it, need to access
the correct offset in the skb data. Fix the code accordingly.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c90904ce6e99..b33d37186576 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -762,8 +762,12 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
 	if (status->flag & RX_FLAG_RADIOTAP_HE_MU)
 		rtap_space += sizeof(struct ieee80211_radiotap_he_mu);
 
+	if (status->flag & RX_FLAG_RADIOTAP_LSIG)
+		rtap_space += sizeof(struct ieee80211_radiotap_lsig);
+
 	if (unlikely(status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA)) {
-		struct ieee80211_vendor_radiotap *rtap = (void *)origskb->data;
+		struct ieee80211_vendor_radiotap *rtap =
+			(void *)(origskb->data + rtap_space);
 
 		rtap_space += sizeof(*rtap) + rtap->len + rtap->pad;
 	}