aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/ap/ap_list.c2
-rw-r--r--src/common/hw_features_common.c6
-rw-r--r--src/common/ieee802_11_common.c3
-rw-r--r--src/common/ieee802_11_common.h1
4 files changed, 5 insertions, 7 deletions
diff --git a/src/ap/ap_list.c b/src/ap/ap_list.c
index 47a2c4b..78a1f7c 100644
--- a/src/ap/ap_list.c
+++ b/src/ap/ap_list.c
@@ -200,7 +200,7 @@ void ap_list_process_beacon(struct hostapd_iface *iface,
if (elems->ds_params)
ap->channel = elems->ds_params[0];
- else if (elems->ht_operation && elems->ht_operation_len >= 1)
+ else if (elems->ht_operation)
ap->channel = elems->ht_operation[0];
else if (fi)
ap->channel = fi->channel;
diff --git a/src/common/hw_features_common.c b/src/common/hw_features_common.c
index 8f90fff..e61f824 100644
--- a/src/common/hw_features_common.c
+++ b/src/common/hw_features_common.c
@@ -152,8 +152,7 @@ void get_pri_sec_chan(struct wpa_scan_res *bss, int *pri_chan, int *sec_chan)
*pri_chan = *sec_chan = 0;
ieee802_11_parse_elems((u8 *) (bss + 1), bss->ie_len, &elems, 0);
- if (elems.ht_operation &&
- elems.ht_operation_len >= sizeof(*oper)) {
+ if (elems.ht_operation) {
oper = (struct ieee80211_ht_operation *) elems.ht_operation;
*pri_chan = oper->primary_chan;
if (oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) {
@@ -253,8 +252,7 @@ int check_20mhz_bss(struct wpa_scan_res *bss, int pri_freq, int start, int end)
return 1;
}
- if (elems.ht_operation &&
- elems.ht_operation_len >= sizeof(*oper)) {
+ if (elems.ht_operation) {
oper = (struct ieee80211_ht_operation *) elems.ht_operation;
if (oper->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)
return 0;
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 922dea0..85d6ca8 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -270,8 +270,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
elems->ht_capabilities = pos;
break;
case WLAN_EID_HT_OPERATION:
+ if (elen < sizeof(struct ieee80211_ht_operation))
+ break;
elems->ht_operation = pos;
- elems->ht_operation_len = elen;
break;
case WLAN_EID_MESH_CONFIG:
elems->mesh_config = pos;
diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index 24e558e..33e60b2 100644
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -61,7 +61,6 @@ struct ieee802_11_elems {
u8 supp_channels_len;
u8 mdie_len;
u8 ftie_len;
- u8 ht_operation_len;
u8 mesh_config_len;
u8 mesh_id_len;
u8 peer_mgmt_len;