Simplify VHT Capabilities element parsing
Check the element length in the parser and remove the length field from struct ieee802_11_elems since the element is of fixed length. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
baae4cb9b4
commit
40baac0e43
8 changed files with 9 additions and 13 deletions
|
|
@ -1295,8 +1295,7 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
#endif /* CONFIG_IEEE80211N */
|
#endif /* CONFIG_IEEE80211N */
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211AC
|
#ifdef CONFIG_IEEE80211AC
|
||||||
resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities,
|
resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
|
||||||
elems.vht_capabilities_len);
|
|
||||||
if (resp != WLAN_STATUS_SUCCESS)
|
if (resp != WLAN_STATUS_SUCCESS)
|
||||||
return resp;
|
return resp;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -70,7 +70,7 @@ void update_ht_state(struct hostapd_data *hapd, struct sta_info *sta);
|
||||||
void ht40_intolerant_add(struct hostapd_iface *iface, struct sta_info *sta);
|
void ht40_intolerant_add(struct hostapd_iface *iface, struct sta_info *sta);
|
||||||
void ht40_intolerant_remove(struct hostapd_iface *iface, struct sta_info *sta);
|
void ht40_intolerant_remove(struct hostapd_iface *iface, struct sta_info *sta);
|
||||||
u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
const u8 *vht_capab, size_t vht_capab_len);
|
const u8 *vht_capab);
|
||||||
u16 set_sta_vht_opmode(struct hostapd_data *hapd, struct sta_info *sta,
|
u16 set_sta_vht_opmode(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
const u8 *vht_opmode);
|
const u8 *vht_opmode);
|
||||||
void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
|
void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
|
||||||
|
|
|
||||||
|
|
@ -132,11 +132,10 @@ static int check_valid_vht_mcs(struct hostapd_hw_modes *mode,
|
||||||
|
|
||||||
|
|
||||||
u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
const u8 *vht_capab, size_t vht_capab_len)
|
const u8 *vht_capab)
|
||||||
{
|
{
|
||||||
/* Disable VHT caps for STAs associated to no-VHT BSSes. */
|
/* Disable VHT caps for STAs associated to no-VHT BSSes. */
|
||||||
if (!vht_capab ||
|
if (!vht_capab ||
|
||||||
vht_capab_len < sizeof(struct ieee80211_vht_capabilities) ||
|
|
||||||
hapd->conf->disable_11ac ||
|
hapd->conf->disable_11ac ||
|
||||||
!check_valid_vht_mcs(hapd->iface->current_mode, vht_capab)) {
|
!check_valid_vht_mcs(hapd->iface->current_mode, vht_capab)) {
|
||||||
sta->flags &= ~WLAN_STA_VHT;
|
sta->flags &= ~WLAN_STA_VHT;
|
||||||
|
|
|
||||||
|
|
@ -286,8 +286,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
|
||||||
elems->peer_mgmt_len = elen;
|
elems->peer_mgmt_len = elen;
|
||||||
break;
|
break;
|
||||||
case WLAN_EID_VHT_CAP:
|
case WLAN_EID_VHT_CAP:
|
||||||
|
if (elen < sizeof(struct ieee80211_vht_capabilities))
|
||||||
|
break;
|
||||||
elems->vht_capabilities = pos;
|
elems->vht_capabilities = pos;
|
||||||
elems->vht_capabilities_len = elen;
|
|
||||||
break;
|
break;
|
||||||
case WLAN_EID_VHT_OPERATION:
|
case WLAN_EID_VHT_OPERATION:
|
||||||
elems->vht_operation = pos;
|
elems->vht_operation = pos;
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,6 @@ struct ieee802_11_elems {
|
||||||
u8 mesh_config_len;
|
u8 mesh_config_len;
|
||||||
u8 mesh_id_len;
|
u8 mesh_id_len;
|
||||||
u8 peer_mgmt_len;
|
u8 peer_mgmt_len;
|
||||||
u8 vht_capabilities_len;
|
|
||||||
u8 vht_operation_len;
|
u8 vht_operation_len;
|
||||||
u8 vendor_ht_cap_len;
|
u8 vendor_ht_cap_len;
|
||||||
u8 vendor_vht_len;
|
u8 vendor_vht_len;
|
||||||
|
|
|
||||||
|
|
@ -1603,9 +1603,7 @@ static int copy_peer_ht_capab(const struct wpa_eapol_ie_parse *kde,
|
||||||
static int copy_peer_vht_capab(const struct wpa_eapol_ie_parse *kde,
|
static int copy_peer_vht_capab(const struct wpa_eapol_ie_parse *kde,
|
||||||
struct wpa_tdls_peer *peer)
|
struct wpa_tdls_peer *peer)
|
||||||
{
|
{
|
||||||
if (!kde->vht_capabilities ||
|
if (!kde->vht_capabilities) {
|
||||||
kde->vht_capabilities_len <
|
|
||||||
sizeof(struct ieee80211_vht_capabilities) ) {
|
|
||||||
wpa_printf(MSG_DEBUG, "TDLS: No supported vht capabilities "
|
wpa_printf(MSG_DEBUG, "TDLS: No supported vht capabilities "
|
||||||
"received");
|
"received");
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
||||||
|
|
@ -559,9 +559,10 @@ int wpa_supplicant_parse_ies(const u8 *buf, size_t len,
|
||||||
} else if (*pos == WLAN_EID_VHT_AID) {
|
} else if (*pos == WLAN_EID_VHT_AID) {
|
||||||
if (pos[1] >= 2)
|
if (pos[1] >= 2)
|
||||||
ie->aid = WPA_GET_LE16(pos + 2) & 0x3fff;
|
ie->aid = WPA_GET_LE16(pos + 2) & 0x3fff;
|
||||||
} else if (*pos == WLAN_EID_VHT_CAP) {
|
} else if (*pos == WLAN_EID_VHT_CAP &&
|
||||||
|
pos[1] >= sizeof(struct ieee80211_vht_capabilities))
|
||||||
|
{
|
||||||
ie->vht_capabilities = pos + 2;
|
ie->vht_capabilities = pos + 2;
|
||||||
ie->vht_capabilities_len = pos[1];
|
|
||||||
} else if (*pos == WLAN_EID_QOS && pos[1] >= 1) {
|
} else if (*pos == WLAN_EID_QOS && pos[1] >= 1) {
|
||||||
ie->qosinfo = pos[2];
|
ie->qosinfo = pos[2];
|
||||||
} else if (*pos == WLAN_EID_SUPPORTED_CHANNELS) {
|
} else if (*pos == WLAN_EID_SUPPORTED_CHANNELS) {
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,6 @@ struct wpa_eapol_ie_parse {
|
||||||
size_t ext_supp_rates_len;
|
size_t ext_supp_rates_len;
|
||||||
const u8 *ht_capabilities;
|
const u8 *ht_capabilities;
|
||||||
const u8 *vht_capabilities;
|
const u8 *vht_capabilities;
|
||||||
size_t vht_capabilities_len;
|
|
||||||
const u8 *supp_channels;
|
const u8 *supp_channels;
|
||||||
size_t supp_channels_len;
|
size_t supp_channels_len;
|
||||||
const u8 *supp_oper_classes;
|
const u8 *supp_oper_classes;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue