aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-04-19 13:48:21 (GMT)
committerJouni Malinen <j@w1.fi>2015-04-22 19:05:11 (GMT)
commitbaae4cb9b410f373e5e5a4b1a390091432932825 (patch)
treeee1b0f4814ff6f79507eff7f2d3a12542d356c34 /src/rsn_supp
parentb39a05913a0cdec54cbe854385fb6e8a63d05be6 (diff)
downloadhostap-baae4cb9b410f373e5e5a4b1a390091432932825.zip
hostap-baae4cb9b410f373e5e5a4b1a390091432932825.tar.gz
hostap-baae4cb9b410f373e5e5a4b1a390091432932825.tar.bz2
Simplify HT Capabilities element parsing
Check the element length in the parser and remove the length field from struct ieee802_11_elems since the element is of fixed length. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/tdls.c4
-rw-r--r--src/rsn_supp/wpa_ie.c4
-rw-r--r--src/rsn_supp/wpa_ie.h1
3 files changed, 3 insertions, 6 deletions
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index c1d7749..490fcaa 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -1577,9 +1577,7 @@ static int copy_supp_rates(const struct wpa_eapol_ie_parse *kde,
static int copy_peer_ht_capab(const struct wpa_eapol_ie_parse *kde,
struct wpa_tdls_peer *peer)
{
- if (!kde->ht_capabilities ||
- kde->ht_capabilities_len <
- sizeof(struct ieee80211_ht_capabilities) ) {
+ if (!kde->ht_capabilities) {
wpa_printf(MSG_DEBUG, "TDLS: No supported ht capabilities "
"received");
return 0;
diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index 5741a5b..ec3eab0 100644
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -553,9 +553,9 @@ int wpa_supplicant_parse_ies(const u8 *buf, size_t len,
} else if (*pos == WLAN_EID_EXT_SUPP_RATES) {
ie->ext_supp_rates = pos;
ie->ext_supp_rates_len = pos[1] + 2;
- } else if (*pos == WLAN_EID_HT_CAP) {
+ } else if (*pos == WLAN_EID_HT_CAP &&
+ pos[1] >= sizeof(struct ieee80211_ht_capabilities)) {
ie->ht_capabilities = pos + 2;
- ie->ht_capabilities_len = pos[1];
} else if (*pos == WLAN_EID_VHT_AID) {
if (pos[1] >= 2)
ie->aid = WPA_GET_LE16(pos + 2) & 0x3fff;
diff --git a/src/rsn_supp/wpa_ie.h b/src/rsn_supp/wpa_ie.h
index 0fc42cc..edabfc7 100644
--- a/src/rsn_supp/wpa_ie.h
+++ b/src/rsn_supp/wpa_ie.h
@@ -50,7 +50,6 @@ struct wpa_eapol_ie_parse {
const u8 *ext_supp_rates;
size_t ext_supp_rates_len;
const u8 *ht_capabilities;
- size_t ht_capabilities_len;
const u8 *vht_capabilities;
size_t vht_capabilities_len;
const u8 *supp_channels;