Length of the ies is not considered while allocating nl message for ft_event, though they are filled. Hence, consider the length also for nl_msg.
Signed-off-by: Srinivas Dasari <[email protected]> --- net/wireless/nl80211.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index bc40a78..8ad0bc0 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -15817,7 +15817,8 @@ void cfg80211_ft_event(struct net_device *netdev, if (!ft_event->target_ap) return; - msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL); + msg = nlmsg_new(100 + ft_event->ric_ies_len + ft_event->ies_len, + GFP_KERNEL); if (!msg) return; -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project
