nl80211: fix nlmsg allocation in cfg80211_ft_event
author Dedy Lansky <dlansky@codeaurora.org>
Thu, 17 May 2018 13:25:03 +0000 (16:25 +0300)
committer Johannes Berg <johannes.berg@intel.com>
Fri, 18 May 2018 08:01:58 +0000 (10:01 +0200)
Allocation size of nlmsg in cfg80211_ft_event is based on ric_ies_len
and doesn't take into account ies_len. This leads to
NL80211_CMD_FT_EVENT message construction failure in case ft_event
contains large enough ies buffer.
Add ies_len to the nlmsg allocation size.

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/nl80211.c

index a052693c2e852b856f96d304cb97b6ddd0ff5319..7c5135a92d764448bac44bff8c4107cba7ea5c1c 100644 (file)
@@ -15555,7 +15555,8 @@ void cfg80211_ft_event(struct net_device *netdev,
        if (!ft_event->target_ap)
                return;
 
-       msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
+       msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
+                       GFP_KERNEL);
        if (!msg)
                return;
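Review bot: The fixed constant 100 in the nlmsg_new() call is still undocumented, and the two lengths are added as raw payload sizes, so the netlink attribute header and alignment padding for both IE attributes have to come out of that 100-byte slack along with every other attribute the event carries. Consider sizing the two variable parts with nla_total_size(ft_event->ies_len) + nla_total_size(ft_event->ric_ies_len) and adding a short comment saying what the constant is meant to cover, so the next attribute added to this event does not reintroduce the same construction failure. Separately, the if (!msg) return; path drops the event silently; if that is intended, a comment saying so would help, since userspace gets no indication that the FT event was lost.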