Simplify HT Capabilities element parsing
Check the element length in the parser and remove the length field from struct ieee802_11_elems since the element is of fixed length. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
b39a05913a
commit
baae4cb9b4
11 changed files with 10 additions and 20 deletions
|
@ -126,8 +126,6 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
||||||
#ifdef CONFIG_IEEE80211N
|
#ifdef CONFIG_IEEE80211N
|
||||||
#ifdef NEED_AP_MLME
|
#ifdef NEED_AP_MLME
|
||||||
if (elems.ht_capabilities &&
|
if (elems.ht_capabilities &&
|
||||||
elems.ht_capabilities_len >=
|
|
||||||
sizeof(struct ieee80211_ht_capabilities) &&
|
|
||||||
(hapd->iface->conf->ht_capab &
|
(hapd->iface->conf->ht_capab &
|
||||||
HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) {
|
HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) {
|
||||||
struct ieee80211_ht_capabilities *ht_cap =
|
struct ieee80211_ht_capabilities *ht_cap =
|
||||||
|
|
|
@ -1282,8 +1282,7 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
if (resp != WLAN_STATUS_SUCCESS)
|
if (resp != WLAN_STATUS_SUCCESS)
|
||||||
return resp;
|
return resp;
|
||||||
#ifdef CONFIG_IEEE80211N
|
#ifdef CONFIG_IEEE80211N
|
||||||
resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities,
|
resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
|
||||||
elems.ht_capabilities_len);
|
|
||||||
if (resp != WLAN_STATUS_SUCCESS)
|
if (resp != WLAN_STATUS_SUCCESS)
|
||||||
return resp;
|
return resp;
|
||||||
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
|
||||||
|
|
|
@ -62,7 +62,7 @@ void hostapd_get_vht_capab(struct hostapd_data *hapd,
|
||||||
struct ieee80211_vht_capabilities *vht_cap,
|
struct ieee80211_vht_capabilities *vht_cap,
|
||||||
struct ieee80211_vht_capabilities *neg_vht_cap);
|
struct ieee80211_vht_capabilities *neg_vht_cap);
|
||||||
u16 copy_sta_ht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
u16 copy_sta_ht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
const u8 *ht_capab, size_t ht_capab_len);
|
const u8 *ht_capab);
|
||||||
u16 copy_sta_vendor_vht(struct hostapd_data *hapd, struct sta_info *sta,
|
u16 copy_sta_vendor_vht(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
const u8 *ie, size_t len);
|
const u8 *ie, size_t len);
|
||||||
|
|
||||||
|
|
|
@ -310,7 +310,7 @@ void hostapd_2040_coex_action(struct hostapd_data *hapd,
|
||||||
|
|
||||||
|
|
||||||
u16 copy_sta_ht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
u16 copy_sta_ht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
const u8 *ht_capab, size_t ht_capab_len)
|
const u8 *ht_capab)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Disable HT caps for STAs associated to no-HT BSSes, or for stations
|
* Disable HT caps for STAs associated to no-HT BSSes, or for stations
|
||||||
|
@ -318,7 +318,6 @@ u16 copy_sta_ht_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
* frame.
|
* frame.
|
||||||
*/
|
*/
|
||||||
if (!ht_capab ||
|
if (!ht_capab ||
|
||||||
ht_capab_len < sizeof(struct ieee80211_ht_capabilities) ||
|
|
||||||
!(sta->flags & WLAN_STA_WMM) || hapd->conf->disable_11n) {
|
!(sta->flags & WLAN_STA_WMM) || hapd->conf->disable_11n) {
|
||||||
sta->flags &= ~WLAN_STA_HT;
|
sta->flags &= ~WLAN_STA_HT;
|
||||||
os_free(sta->ht_capabilities);
|
os_free(sta->ht_capabilities);
|
||||||
|
|
|
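Review bot: copy_sta_ht_capab() is a non-static function that now trusts every caller to pass either NULL or a buffer of at least `sizeof(struct ieee80211_ht_capabilities)` bytes, and neither the definition here nor the prototype in the header hunk states that contract. With `ht_capab_len` removed from the `!ht_capab || ...` test, a caller that gets the pointer from anything other than ieee802_11_parse_elems() would presumably cause a read past a short element once the data is copied (the copy is outside the hunk). I would add a comment above the definition, for example `/* ht_capab: NULL or a pointer to a full struct ieee80211_ht_capabilities, as guaranteed by ieee802_11_parse_elems() */`, and repeat it at the prototype.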
@ -335,9 +335,7 @@ int check_40mhz_2g4(struct hostapd_hw_modes *mode,
|
||||||
|
|
||||||
ieee802_11_parse_elems((u8 *) (bss + 1), bss->ie_len, &elems,
|
ieee802_11_parse_elems((u8 *) (bss + 1), bss->ie_len, &elems,
|
||||||
0);
|
0);
|
||||||
if (elems.ht_capabilities &&
|
if (elems.ht_capabilities) {
|
||||||
elems.ht_capabilities_len >=
|
|
||||||
sizeof(struct ieee80211_ht_capabilities)) {
|
|
||||||
struct ieee80211_ht_capabilities *ht_cap =
|
struct ieee80211_ht_capabilities *ht_cap =
|
||||||
(struct ieee80211_ht_capabilities *)
|
(struct ieee80211_ht_capabilities *)
|
||||||
elems.ht_capabilities;
|
elems.ht_capabilities;
|
||||||
|
|
|
@ -265,8 +265,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
|
||||||
elems->timeout_int = pos;
|
elems->timeout_int = pos;
|
||||||
break;
|
break;
|
||||||
case WLAN_EID_HT_CAP:
|
case WLAN_EID_HT_CAP:
|
||||||
|
if (elen < sizeof(struct ieee80211_ht_capabilities))
|
||||||
|
break;
|
||||||
elems->ht_capabilities = pos;
|
elems->ht_capabilities = pos;
|
||||||
elems->ht_capabilities_len = elen;
|
|
||||||
break;
|
break;
|
||||||
case WLAN_EID_HT_OPERATION:
|
case WLAN_EID_HT_OPERATION:
|
||||||
elems->ht_operation = pos;
|
elems->ht_operation = pos;
|
||||||
|
|
|
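Review bot: The `elen < sizeof(struct ieee80211_ht_capabilities)` guard added under `case WLAN_EID_HT_CAP:` is now the only length validation before hostapd_notif_assoc and check_40mhz_2g4 cast `elems.ht_capabilities` to the struct, yet nothing at the assignment says so. A comment above the guard such as `/* Consumers cast this pointer to struct ieee80211_ht_capabilities without rechecking the length; ignore undersized elements */` would keep a later edit from relaxing it. The guard also changes how repeated elements are handled: an undersized instance no longer overwrites a pointer stored from an earlier valid instance in the same frame, which looks intentional but deserves a mention in the same comment. The switch statement continues outside this hunk.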
@ -61,7 +61,6 @@ struct ieee802_11_elems {
|
||||||
u8 supp_channels_len;
|
u8 supp_channels_len;
|
||||||
u8 mdie_len;
|
u8 mdie_len;
|
||||||
u8 ftie_len;
|
u8 ftie_len;
|
||||||
u8 ht_capabilities_len;
|
|
||||||
u8 ht_operation_len;
|
u8 ht_operation_len;
|
||||||
u8 mesh_config_len;
|
u8 mesh_config_len;
|
||||||
u8 mesh_id_len;
|
u8 mesh_id_len;
|
||||||
|
|
|
@ -1577,9 +1577,7 @@ static int copy_supp_rates(const struct wpa_eapol_ie_parse *kde,
|
||||||
static int copy_peer_ht_capab(const struct wpa_eapol_ie_parse *kde,
|
static int copy_peer_ht_capab(const struct wpa_eapol_ie_parse *kde,
|
||||||
struct wpa_tdls_peer *peer)
|
struct wpa_tdls_peer *peer)
|
||||||
{
|
{
|
||||||
if (!kde->ht_capabilities ||
|
if (!kde->ht_capabilities) {
|
||||||
kde->ht_capabilities_len <
|
|
||||||
sizeof(struct ieee80211_ht_capabilities) ) {
|
|
||||||
wpa_printf(MSG_DEBUG, "TDLS: No supported ht capabilities "
|
wpa_printf(MSG_DEBUG, "TDLS: No supported ht capabilities "
|
||||||
"received");
|
"received");
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -553,9 +553,9 @@ int wpa_supplicant_parse_ies(const u8 *buf, size_t len,
|
||||||
} else if (*pos == WLAN_EID_EXT_SUPP_RATES) {
|
} else if (*pos == WLAN_EID_EXT_SUPP_RATES) {
|
||||||
ie->ext_supp_rates = pos;
|
ie->ext_supp_rates = pos;
|
||||||
ie->ext_supp_rates_len = pos[1] + 2;
|
ie->ext_supp_rates_len = pos[1] + 2;
|
||||||
} else if (*pos == WLAN_EID_HT_CAP) {
|
} else if (*pos == WLAN_EID_HT_CAP &&
|
||||||
|
pos[1] >= sizeof(struct ieee80211_ht_capabilities)) {
|
||||||
ie->ht_capabilities = pos + 2;
|
ie->ht_capabilities = pos + 2;
|
||||||
ie->ht_capabilities_len = pos[1];
|
|
||||||
} else if (*pos == WLAN_EID_VHT_AID) {
|
} else if (*pos == WLAN_EID_VHT_AID) {
|
||||||
if (pos[1] >= 2)
|
if (pos[1] >= 2)
|
||||||
ie->aid = WPA_GET_LE16(pos + 2) & 0x3fff;
|
ie->aid = WPA_GET_LE16(pos + 2) & 0x3fff;
|
||||||
|
|
|
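Review bot: Folding `pos[1] >= sizeof(struct ieee80211_ht_capabilities)` into the `else if` condition means an undersized HT Capabilities element is no longer consumed by this branch and keeps being tested against the rest of the chain, ending in whatever the final branch does (not visible in this hunk). The WLAN_EID_VHT_AID branch directly below nests its `pos[1] >= 2` test inside the branch instead; following that form here, `} else if (*pos == WLAN_EID_HT_CAP) {` with `if (pos[1] >= sizeof(struct ieee80211_ht_capabilities)) ie->ht_capabilities = pos + 2;` inside, keeps the two consistent. copy_peer_ht_capab now depends on this check alone, so a short comment saying so would help. wpa_supplicant_parse_ies starts and ends outside the hunk.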
@ -50,7 +50,6 @@ struct wpa_eapol_ie_parse {
|
||||||
const u8 *ext_supp_rates;
|
const u8 *ext_supp_rates;
|
||||||
size_t ext_supp_rates_len;
|
size_t ext_supp_rates_len;
|
||||||
const u8 *ht_capabilities;
|
const u8 *ht_capabilities;
|
||||||
size_t ht_capabilities_len;
|
|
||||||
const u8 *vht_capabilities;
|
const u8 *vht_capabilities;
|
||||||
size_t vht_capabilities_len;
|
size_t vht_capabilities_len;
|
||||||
const u8 *supp_channels;
|
const u8 *supp_channels;
|
||||||
|
|
|
@ -551,8 +551,7 @@ static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s,
|
||||||
mesh_mpm_init_link(wpa_s, sta);
|
mesh_mpm_init_link(wpa_s, sta);
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211N
|
#ifdef CONFIG_IEEE80211N
|
||||||
copy_sta_ht_capab(data, sta, elems->ht_capabilities,
|
copy_sta_ht_capab(data, sta, elems->ht_capabilities);
|
||||||
elems->ht_capabilities_len);
|
|
||||||
update_ht_state(data, sta);
|
update_ht_state(data, sta);
|
||||||
#endif /* CONFIG_IEEE80211N */
|
#endif /* CONFIG_IEEE80211N */
|
||||||
|
|
||||||
|
|
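Review bot: The return value of copy_sta_ht_capab() is discarded on the rewritten call in mesh_mpm_add_peer, while check_assoc_ies compares the same function's result against WLAN_STATUS_SUCCESS and returns on failure. If the function can fail for reasons other than a missing element (its body is only partly visible on this page), update_ht_state() would run on a peer whose HT state was not set up. Either check the result, `if (copy_sta_ht_capab(data, sta, elems->ht_capabilities) != WLAN_STATUS_SUCCESS)` with whatever handling the mesh code needs, or add a comment stating why ignoring it is safe. mesh_mpm_add_peer begins and ends outside the hunk.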