From: Benjamin Berg <benjamin.berg@intel.com>
Date: Sun, 18 Jun 2023 18:50:00 +0000 (+0300)
Subject: wifi: cfg80211: stop parsing after allocation failure
X-Git-Tag: v6.5-rc1~163^2~28^2~78
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=8dcc91c446687727f88997a2e177cdab740ef092;p=linux-2.6-block.git

wifi: cfg80211: stop parsing after allocation failure

The error handling code would break out of the loop incorrectly,
causing the rest of the message to be misinterpreted. Fix this by
also jumping out of the surrounding while loop, which will trigger
the error detection code.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230618214436.0ffac98475cf.I6f5c08a09f5c9fced01497b95a9841ffd1b039f8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index df868662e1e0..91671698aaec 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -707,7 +707,7 @@ static int cfg80211_parse_colocated_ap(const struct cfg80211_bss_ies *ies,
 					GFP_ATOMIC);
 
 			if (!entry)
-				break;
+				goto error;
 
 			entry->center_freq = freq;
 
@@ -723,6 +723,7 @@ static int cfg80211_parse_colocated_ap(const struct cfg80211_bss_ies *ies,
 		}
 	}
 
+error:
 	if (pos != end) {
 		cfg80211_free_coloc_ap_list(&ap_list);
 		return 0;