Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1946bed9 authored by Johannes Berg's avatar Johannes Berg
Browse files

mac80211: check ERP info IE length in parser 



It's always just one byte, so check for that and
remove the length field from the parser struct.

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 1cd8e88e

net/mac80211/ieee80211_i.h

+0 −1
Original line number Diff line number Diff line
@@ -1189,7 +1189,6 @@ struct ieee802_11_elems { 
	u8 tim_len;

	u8 challenge_len;

	u8 rsn_len;

	u8 erp_info_len;

	u8 ext_supp_rates_len;

	u8 wmm_info_len;

	u8 wmm_param_len;

net/mac80211/mlme.c

+1 −1
Original line number Diff line number Diff line
@@ -3038,7 +3038,7 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 
		changed |= BSS_CHANGED_DTIM_PERIOD;

	}



	if (elems.erp_info && elems.erp_info_len >= 1) {

	if (elems.erp_info) {

		erp_valid = true;

		erp_value = elems.erp_info[0];

	} else {

net/mac80211/scan.c

+2 −3
Original line number Diff line number Diff line
@@ -98,8 +98,7 @@ ieee80211_bss_info_update(struct ieee80211_local *local, 
	}



	/* save the ERP value so that it is available at association time */

	if (elems->erp_info && elems->erp_info_len >= 1 &&

			(!elems->parse_error ||

	if (elems->erp_info && (!elems->parse_error ||

				!(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {

		bss->erp_value = elems->erp_info[0];

		bss->has_erp_value = true;

net/mac80211/util.c

+4 −2
Original line number Diff line number Diff line
@@ -780,8 +780,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, 
			elems->rsn_len = elen;

			break;

		case WLAN_EID_ERP_INFO:

			if (elen >= 1)

				elems->erp_info = pos;

			elems->erp_info_len = elen;

			else

				elem_parse_failed = true;

			break;

		case WLAN_EID_EXT_SUPP_RATES:

			elems->ext_supp_rates = pos;