aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-04-19 14:00:45 (GMT)
committerJouni Malinen <j@w1.fi>2015-04-22 19:05:11 (GMT)
commit40baac0e432cacffc92d8790c83bde5bb93a8285 (patch)
treea651c15e14ef80a1563dd793b825c0833988f74c /src/rsn_supp
parentbaae4cb9b410f373e5e5a4b1a390091432932825 (diff)
downloadhostap-40baac0e432cacffc92d8790c83bde5bb93a8285.zip
hostap-40baac0e432cacffc92d8790c83bde5bb93a8285.tar.gz
hostap-40baac0e432cacffc92d8790c83bde5bb93a8285.tar.bz2
Simplify VHT Capabilities element parsing
Check the element length in the parser and remove the length field from struct ieee802_11_elems since the element is of fixed length. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/tdls.c4
-rw-r--r--src/rsn_supp/wpa_ie.c5
-rw-r--r--src/rsn_supp/wpa_ie.h1
3 files changed, 4 insertions, 6 deletions
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index 490fcaa..6b1df71 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -1603,9 +1603,7 @@ static int copy_peer_ht_capab(const struct wpa_eapol_ie_parse *kde,
static int copy_peer_vht_capab(const struct wpa_eapol_ie_parse *kde,
struct wpa_tdls_peer *peer)
{
- if (!kde->vht_capabilities ||
- kde->vht_capabilities_len <
- sizeof(struct ieee80211_vht_capabilities) ) {
+ if (!kde->vht_capabilities) {
wpa_printf(MSG_DEBUG, "TDLS: No supported vht capabilities "
"received");
return 0;
diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index ec3eab0..0c37b35 100644
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -559,9 +559,10 @@ int wpa_supplicant_parse_ies(const u8 *buf, size_t len,
} else if (*pos == WLAN_EID_VHT_AID) {
if (pos[1] >= 2)
ie->aid = WPA_GET_LE16(pos + 2) & 0x3fff;
- } else if (*pos == WLAN_EID_VHT_CAP) {
+ } else if (*pos == WLAN_EID_VHT_CAP &&
+ pos[1] >= sizeof(struct ieee80211_vht_capabilities))
+ {
ie->vht_capabilities = pos + 2;
- ie->vht_capabilities_len = pos[1];
} else if (*pos == WLAN_EID_QOS && pos[1] >= 1) {
ie->qosinfo = pos[2];
} else if (*pos == WLAN_EID_SUPPORTED_CHANNELS) {
diff --git a/src/rsn_supp/wpa_ie.h b/src/rsn_supp/wpa_ie.h
index edabfc7..fe95af0 100644
--- a/src/rsn_supp/wpa_ie.h
+++ b/src/rsn_supp/wpa_ie.h
@@ -51,7 +51,6 @@ struct wpa_eapol_ie_parse {
size_t ext_supp_rates_len;
const u8 *ht_capabilities;
const u8 *vht_capabilities;
- size_t vht_capabilities_len;
const u8 *supp_channels;
size_t supp_channels_len;
const u8 *supp_oper_classes;