[PATCH] RRM: Don't request LCI and civic if not supported
Jouni Malinen
j at w1.fi
Tue Sep 30 13:41:19 PDT 2025
On Thu, Jul 24, 2025 at 02:00:45PM +0200, Benjamin Berg wrote:
> Check that FTM responder capability bit in extended capabily IE and LCI and
> location civic bits in RRM enabled capability IE are set before sending LCI and
> location civic request in neighbor report request. If they are not set, don't
> include the corresponding sub-elements in the neighbor report request.
> This change is according to IEEE Std 802.11-2024 11.10.10.2 (Requesting
> a neighbor report).
Thanks, applied with some fixes.
> diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
> + if (lci && (rrm_ie[3] & WLAN_RRM_CAPS_LCI_MEASUREMENT)) {
> + if (civic && (rrm_ie[6] & WLAN_RRM_CAPS_CIVIC_LOCATION_MEASUREMENT)) {
In particular, those need element length checking to avoid potential
read buffer overflows of the RM Enabled Capabilities element.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list