Simplify HT Operation element parsing

Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/ap/ap_list.c

@@ -200,7 +200,7 @@ void ap_list_process_beacon(struct hostapd_iface *iface,
 
 	if (elems->ds_params)
 		ap->channel = elems->ds_params[0];
-	else if (elems->ht_operation && elems->ht_operation_len >= 1)
+	else if (elems->ht_operation)
 		ap->channel = elems->ht_operation[0];
 	else if (fi)
 		ap->channel = fi->channel;

src/common/hw_features_common.c

@@ -152,8 +152,7 @@ void get_pri_sec_chan(struct wpa_scan_res *bss, int *pri_chan, int *sec_chan)
 	*pri_chan = *sec_chan = 0;
 
 	ieee802_11_parse_elems((u8 *) (bss + 1), bss->ie_len, &elems, 0);
-	if (elems.ht_operation &&
+	if (elems.ht_operation) {
-	    elems.ht_operation_len >= sizeof(*oper)) {
 		oper = (struct ieee80211_ht_operation *) elems.ht_operation;
 		*pri_chan = oper->primary_chan;
 		if (oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) {
@@ -253,8 +252,7 @@ int check_20mhz_bss(struct wpa_scan_res *bss, int pri_freq, int start, int end)
 		return 1;
 	}
 
-	if (elems.ht_operation &&
+	if (elems.ht_operation) {
-	    elems.ht_operation_len >= sizeof(*oper)) {
 		oper = (struct ieee80211_ht_operation *) elems.ht_operation;
 		if (oper->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)
 			return 0;

src/common/ieee802_11_common.c

@@ -270,8 +270,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
 			elems->ht_capabilities = pos;
 			break;
 		case WLAN_EID_HT_OPERATION:
+			if (elen < sizeof(struct ieee80211_ht_operation))
+				break;
 			elems->ht_operation = pos;
-			elems->ht_operation_len = elen;
 			break;
 		case WLAN_EID_MESH_CONFIG:
 			elems->mesh_config = pos;

src/common/ieee802_11_common.h

@@ -61,7 +61,6 @@ struct ieee802_11_elems {
 	u8 supp_channels_len;
 	u8 mdie_len;
 	u8 ftie_len;
-	u8 ht_operation_len;
 	u8 mesh_config_len;
 	u8 mesh_id_len;
 	u8 peer_mgmt_len;