TDLS: Fix checks on prohibit bits

ext_capab/ext_capab_len do not include ID and Length so no extra +2
offset should be used. This fixes a regression from commit
faf427645a ('TDLS: Use proper IE parsing
routine for non-EAPOL-Key cases') that replaced the IE parser without
noticing the difference in the pointer offset.

Signed-off-by: Flavia Vanetti <flavia.vanetti@ceva-dsp.com>
This commit is contained in:
Cedric Izoard 2016-10-24 11:05:11 +00:00 committed by Jouni Malinen
parent c2ad5b9218
commit 8c889222bc

View file

@ -2878,14 +2878,14 @@ void wpa_tdls_disassoc(struct wpa_sm *sm)
static int wpa_tdls_prohibited(struct ieee802_11_elems *elems)
{
/* bit 38 - TDLS Prohibited */
return !!(elems->ext_capab[2 + 4] & 0x40);
return !!(elems->ext_capab[4] & 0x40);
}
static int wpa_tdls_chan_switch_prohibited(struct ieee802_11_elems *elems)
{
/* bit 39 - TDLS Channel Switch Prohibited */
return !!(elems->ext_capab[2 + 4] & 0x80);
return !!(elems->ext_capab[4] & 0x80);
}
@ -2898,7 +2898,7 @@ void wpa_tdls_ap_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
if (ies == NULL ||
ieee802_11_parse_elems(ies, len, &elems, 0) == ParseFailed ||
elems.ext_capab == NULL || elems.ext_capab_len < 2 + 5)
elems.ext_capab == NULL || elems.ext_capab_len < 5)
return;
sm->tdls_prohibited = wpa_tdls_prohibited(&elems);
@ -2917,7 +2917,7 @@ void wpa_tdls_assoc_resp_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
if (ies == NULL ||
ieee802_11_parse_elems(ies, len, &elems, 0) == ParseFailed ||
elems.ext_capab == NULL || elems.ext_capab_len < 2 + 5)
elems.ext_capab == NULL || elems.ext_capab_len < 5)
return;
if (!sm->tdls_prohibited && wpa_tdls_prohibited(&elems)) {