
Commit cf831ffe authored by Amitkumar Karwar's avatar Amitkumar Karwar Committed by John W. Linville

mwifiex: fix IE parsing issues



IEs are parsed from the beacon buffer and stored locally by the
mwifiex_update_bss_desc_with_ie() function.
Sometimes the local pointers point to the data inside the IE, but
the code using them assumes that they point to the IE
itself.

These issues are fixed in this patch.

Signed-off-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: default avatarAvinash Patil <patila@marvell.com>
Signed-off-by: default avatarBing Zhao <bzhao@marvell.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 3977a647
+1 −2
@@ -212,8 +212,7 @@ int mwifiex_cmd_append_11ac_tlv(struct mwifiex_private *priv,
				      sizeof(struct mwifiex_ie_types_header));
			memcpy((u8 *)vht_op +
				sizeof(struct mwifiex_ie_types_header),
			       (u8 *)bss_desc->bcn_vht_oper +
			       sizeof(struct ieee_types_header),
			       (u8 *)bss_desc->bcn_vht_oper,
			       le16_to_cpu(vht_op->header.len));

			/* negotiate the channel width and central freq
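Review bot: The length passed to this memcpy is `le16_to_cpu(vht_op->header.len)`, which appears to be a size the driver writes into the TLV it is building (the assignment is outside the hunk), and nothing visible here compares it with the length of the VHT Operation element that was actually received in the beacon. With the source now starting at the payload, an element shorter than that size would still have the bytes after it copied into the command, so the received length should be validated where `bcn_vht_oper` is recorded, or the copy bounded here. A comment at the call would make the contract explicit, e.g. `/* bcn_vht_oper is the IE payload (header skipped at parse time); len must not exceed the received element length */`. The same applies to the `bcn_ht_oper` copy in mwifiex_cmd_append_11n_tlv. The enclosing function starts and ends outside the hunk, so such a check may already exist at parse time.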
+1 −2
@@ -345,8 +345,7 @@ mwifiex_cmd_append_11n_tlv(struct mwifiex_private *priv,

			memcpy((u8 *) ht_info +
			       sizeof(struct mwifiex_ie_types_header),
			       (u8 *) bss_desc->bcn_ht_oper +
			       sizeof(struct ieee_types_header),
			       (u8 *)bss_desc->bcn_ht_oper,
			       le16_to_cpu(ht_info->header.len));

			if (!(sband->ht_cap.cap &
+7 −13
@@ -1340,23 +1340,17 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
					      bss_entry->beacon_buf);
			break;
		case WLAN_EID_BSS_COEX_2040:
			bss_entry->bcn_bss_co_2040 = current_ptr +
				sizeof(struct ieee_types_header);
			bss_entry->bss_co_2040_offset = (u16) (current_ptr +
					sizeof(struct ieee_types_header) -
						bss_entry->beacon_buf);
			bss_entry->bcn_bss_co_2040 = current_ptr;
			bss_entry->bss_co_2040_offset =
				(u16) (current_ptr - bss_entry->beacon_buf);
			break;
		case WLAN_EID_EXT_CAPABILITY:
			bss_entry->bcn_ext_cap = current_ptr +
				sizeof(struct ieee_types_header);
			bss_entry->ext_cap_offset = (u16) (current_ptr +
					sizeof(struct ieee_types_header) -
					bss_entry->beacon_buf);
			bss_entry->bcn_ext_cap = current_ptr;
			bss_entry->ext_cap_offset =
				(u16) (current_ptr - bss_entry->beacon_buf);
			break;
		case WLAN_EID_OPMODE_NOTIF:
			bss_entry->oper_mode =
				(void *)(current_ptr +
					 sizeof(struct ieee_types_header));
			bss_entry->oper_mode = (void *)current_ptr;
			bss_entry->oper_mode_offset =
					(u16)((u8 *)bss_entry->oper_mode -
					      bss_entry->beacon_buf);
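Review bot: After this change `bcn_bss_co_2040`, `bcn_ext_cap` and `oper_mode` point at the element header, while the 11ac and 11n hunks of the same commit treat `bcn_vht_oper` and `bcn_ht_oper` as pointing at the payload, so two conventions coexist in one descriptor with nothing in the code saying which field follows which. That mismatch is the kind of bug being fixed here, so it is worth recording at each case, e.g. `/* points at the IE header (id, len), not the payload */`. The `(void *)` cast on `oper_mode` also hides the pointee type; casting to the field's declared type would let the compiler catch a future mix-up. None of the three cases checks that the element is long enough for what its consumers later read through these pointers; the loop that bounds `current_ptr` is outside the hunk, so that may be handled there.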