On Tue, Apr 14, 2026 at 08:19:00AM +0000, Dan Carpenter wrote:
> Looks good.
>
> Reviewed-by: Dan Carpenter
>
> p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + _AUTH_IE_OFFSET_, WLAN_EID_CHALLENGE, (int *)&len,
>                ^^^^^^
> Do we know that pframe has enough data?
>
> KTODO: check if pframe is large enough in OnAuthClient()

Good catch. There's no minimum length check before the subtraction, so a frame shorter than WLAN_HDR_A3_LEN + _AUTH_IE_OFFSET_ (30 bytes) would cause pkt_len to underflow since it's unsigned.

I'll send a follow-up patch adding the check.

Thanks for the review.

Alexandru
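
The underflow discussed in the reply above, next to a length check made before the subtraction, as an added example that is not part of the thread or the driver's code. HDR_LEN, AUTH_FIXED_LEN, challenge_len() and the sample frames are assumptions made for illustration; the element walk goes a little beyond the thread by also bounding each element's declared length.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for WLAN_HDR_A3_LEN and _AUTH_IE_OFFSET_ (assumed values that
 * sum to the 30 bytes mentioned in the thread). */
#define HDR_LEN        24u
#define AUTH_FIXED_LEN  6u
#define EID_CHALLENGE  16u	/* 802.11 Challenge Text element ID */

/* Unchecked form: the unsigned subtraction wraps for short frames. */
static unsigned int ies_len_unchecked(unsigned int pkt_len)
{
	return pkt_len - HDR_LEN - AUTH_FIXED_LEN;
}

/* Bounded search for the challenge element. Returns its value length,
 * or -1 if the frame is too short, malformed, or has no such element. */
static int challenge_len(const uint8_t *frame, unsigned int pkt_len)
{
	const uint8_t *ies;
	unsigned int ies_len, off = 0;

	if (pkt_len < HDR_LEN + AUTH_FIXED_LEN)	/* check before subtracting */
		return -1;
	ies = frame + HDR_LEN + AUTH_FIXED_LEN;
	ies_len = pkt_len - HDR_LEN - AUTH_FIXED_LEN;

	while (ies_len - off >= 2) {		/* room for id + length bytes */
		unsigned int elen = ies[off + 1];
		if (elen > ies_len - off - 2)	/* value runs past the frame */
			return -1;
		if (ies[off] == EID_CHALLENGE)
			return (int)elen;
		off += 2 + elen;
	}
	return -1;
}

/* Constructed sample frames: header and fixed fields are zeroed. */
static const uint8_t frame_ok[34]    = { [30] = 16, [31] = 2, [32] = 0xaa, [33] = 0xbb };
static const uint8_t frame_lying[33] = { [30] = 16, [31] = 200 };
static const uint8_t frame_short[10] = { 0 };

int main(void)
{
	printf("unchecked length for a 10-byte frame: %u\n", ies_len_unchecked(10));
	printf("ok=%d lying=%d short=%d\n", challenge_len(frame_ok, sizeof(frame_ok)),
	       challenge_len(frame_lying, sizeof(frame_lying)),
	       challenge_len(frame_short, sizeof(frame_short)));
	return 0;
}
```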