mac80211: check power constraint IE size when parsing (761a48d2) · Commits · e / devices / android_kernel_xiaomi_sm6125

net/mac80211/ieee80211_i.h

+0 −1

Original line number	Diff line number	Diff line
		@@ -1165,7 +1165,6 @@ struct ieee802_11_elems {
		u8 prep_len;
		u8 perr_len;
		u8 country_elem_len;
		u8 pwr_constr_elem_len;
		u8 quiet_elem_len;
		u8 num_of_quiet_elem; /* can be more the one */
		u8 timeout_int_len;

+2 −8

Original line number	Diff line number	Diff line
		@@ -821,18 +821,13 @@ void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
		}

		static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
		u16 capab_info, u8 *pwr_constr_elem,
		u8 pwr_constr_elem_len)
		u16 capab_info, u8 *pwr_constr_elem)
		{
		struct ieee80211_conf *conf = &sdata->local->hw.conf;

		if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT))
		return;

		/* Power constraint IE length should be 1 octet */
		if (pwr_constr_elem_len != 1)
		return;

		if ((*pwr_constr_elem <= conf->channel->max_reg_power) &&
		(*pwr_constr_elem != sdata->local->power_constr_level)) {
		sdata->local->power_constr_level = *pwr_constr_elem;
		@@ -2552,8 +2547,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
		if (elems.pwr_constr_elem)
		ieee80211_handle_pwr_constr(sdata,
		le16_to_cpu(mgmt->u.probe_resp.capab_info),
		elems.pwr_constr_elem,
		elems.pwr_constr_elem_len);
		elems.pwr_constr_elem);
		}

		ieee80211_bss_info_change_notify(sdata, changed);

+4 −1

Original line number	Diff line number	Diff line
		@@ -792,8 +792,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
		elems->country_elem_len = elen;
		break;
		case WLAN_EID_PWR_CONSTRAINT:
		if (elen != 1) {
		elem_parse_failed = true;
		break;
		}
		elems->pwr_constr_elem = pos;
		elems->pwr_constr_elem_len = elen;
		break;
		case WLAN_EID_TIMEOUT_INTERVAL:
		elems->timeout_int = pos;