authorJohannes Berg <johannes.berg@intel.com>2012-09-05 07:07:00 -0400
committerJohannes Berg <johannes.berg@intel.com>2012-09-06 11:11:00 -0400
commit761a48d2603c0ff48024bc70c129b00ec37639ed (patch)
treea445a44200d62a5304335dd31be3e3d9a44289f1 /net/mac80211
parentf8fffc7e51462f51ffca6d0df505ef16afee2fb6 (diff)
mac80211: check power constraint IE size when parsing
The power constraint IE is always a single byte so check the size when parsing instead of later. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/ieee80211_i.h1
-rw-r--r--net/mac80211/mlme.c10
-rw-r--r--net/mac80211/util.c5
3 files changed, 6 insertions, 10 deletions
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index e2ab03c773e3..b95fa256d438 100644
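--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1165,7 +1165,6 @@ struct ieee802_11_elems {
  u8 prep_len;
  u8 perr_len;
  u8 country_elem_len;
- u8 pwr_constr_elem_len;
  u8 quiet_elem_len;
  u8 num_of_quiet_elem; /* can be more the one */
  u8 timeout_int_len;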
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 6e374cb04af6..87466942fa82 100644
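--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -821,18 +821,13 @@ void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
 }
 
 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
- u16 capab_info, u8 *pwr_constr_elem,
- u8 pwr_constr_elem_len)
+ u16 capab_info, u8 *pwr_constr_elem)
 {
  struct ieee80211_conf *conf = &sdata->local->hw.conf;
 
  if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT))
  return;
 
- /* Power constraint IE length should be 1 octet */
- if (pwr_constr_elem_len != 1)
- return;
-
  if ((*pwr_constr_elem <= conf->channel->max_reg_power) &&
  (*pwr_constr_elem != sdata->local->power_constr_level)) {
  sdata->local->power_constr_level = *pwr_constr_elem;
@@ -2552,8 +2547,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
  if (elems.pwr_constr_elem)
  ieee80211_handle_pwr_constr(sdata,
  le16_to_cpu(mgmt->u.probe_resp.capab_info),
- elems.pwr_constr_elem,
- elems.pwr_constr_elem_len);
+ elems.pwr_constr_elem);
  }
 
  ieee80211_bss_info_change_notify(sdata, changed);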
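Review bot: `ieee80211_handle_pwr_constr` now dereferences `*pwr_constr_elem` with no length argument, so its safety rests entirely on the parser having refused any element whose length is not 1, and nothing at the function records that precondition. I would add a comment above the first dereference, for example `/* length was checked to be exactly 1 octet in ieee802_11_parse_elems_crc() */`, so that a later caller filling the pointer by another path knows what it must guarantee. The function's body continues past the end of the first hunk, so the remaining uses of the pointer are not visible here.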
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 471fb0516c99..ed7543960b16 100644
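--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -792,8 +792,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
  elems->country_elem_len = elen;
  break;
  case WLAN_EID_PWR_CONSTRAINT:
+ if (elen != 1) {
+ elem_parse_failed = true;
+ break;
+ }
  elems->pwr_constr_elem = pos;
- elems->pwr_constr_elem_len = elen;
  break;
  case WLAN_EID_TIMEOUT_INTERVAL:
  elems->timeout_int = pos;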
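Review bot: In the `WLAN_EID_PWR_CONSTRAINT` case a wrong-length element now sets `elem_parse_failed`, which is a wider effect than the old behaviour, where only `ieee80211_handle_pwr_constr` ignored the bad element. What the flag does to the rest of the frame is outside this hunk, so it is worth confirming that a peer sending a malformed power constraint IE cannot cause otherwise valid elements in the same frame to be dropped or treated differently. A short comment on the check would also help, for example `/* element body is a single octet; reject anything else */`. The enclosing `switch` and function begin and end outside the hunk.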