cfg80211: verify format of uAPSD information

The format is intended to be like the subfields
in the QoS Info field, verify that is the case.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index f4cfd3a..1108954 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2627,10 +2627,15 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
                if (tb[NL80211_STA_WME_UAPSD_QUEUES])
                        params.uapsd_queues =
                             nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
+               if (params.uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
+                       return -EINVAL;
 
                if (tb[NL80211_STA_WME_MAX_SP])
                        params.max_sp =
                             nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
+
+               if (params.max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
+                       return -EINVAL;
        }
 
        if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&