aboutsummaryrefslogtreecommitdiffstats
path: root/net/wireless/sme.c
diff options
context:
space:
mode:
authorNishant Sarmukadam <nishants@marvell.com>2010-04-15 01:03:02 -0400
committerJohn W. Linville <linville@tuxdriver.com>2010-04-16 15:32:00 -0400
commit7834704be4777fc0ed67c4486ef8c5691078d135 (patch)
tree564172ac8ae0a31bb47d4a22d2bad043ed9bad8d /net/wireless/sme.c
parent61c2a80b960361a930a4e3c4c0df694713b9dafd (diff)
cfg80211: Avoid sending IWEVASSOCREQIE and IWEVASSOCRESPIE events with NULL event body
In a scenario, where a cfg80211 driver (station mode) does not send assoc request and assoc response IEs in cfg80211_connect_result after a successful association to an AP, cfg80211 sends IWEVASSOCREQIE and IWEVASSOCRESPIE to the user space application with NULL data. This can cause an issue at the event recipient. An example of this is when cfg80211 sends IWEVASSOCREQIE and IWEVASSOCRESPIE events with NULL event body to wpa_supplicant. The wpa_supplicant overwrites the assoc request and assoc response IEs for this station with NULL data. If the association is WPA/WPA2, the wpa_supplicant is not able to generate EAPOL handshake messages, since the IEs are NULL. With the patch, req_ie and resp_ie will be NULL by avoiding the assignment if the driver has not sent the IEs to cfg80211. The event sending code sends the events only if resp_ie and req_ie are not NULL. This will ensure that the events are not sent with NULL event body. Signed-off-by: Nishant Sarmukadam <nishants@marvell.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless/sme.c')
-rw-r--r--net/wireless/sme.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 17465777eb47..dcd7685242f7 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -517,12 +517,16 @@ void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
517 ev->type = EVENT_CONNECT_RESULT; 517 ev->type = EVENT_CONNECT_RESULT;
518 if (bssid) 518 if (bssid)
519 memcpy(ev->cr.bssid, bssid, ETH_ALEN); 519 memcpy(ev->cr.bssid, bssid, ETH_ALEN);
520 ev->cr.req_ie = ((u8 *)ev) + sizeof(*ev); 520 if (req_ie_len) {
521 ev->cr.req_ie_len = req_ie_len; 521 ev->cr.req_ie = ((u8 *)ev) + sizeof(*ev);
522 memcpy((void *)ev->cr.req_ie, req_ie, req_ie_len); 522 ev->cr.req_ie_len = req_ie_len;
523 ev->cr.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len; 523 memcpy((void *)ev->cr.req_ie, req_ie, req_ie_len);
524 ev->cr.resp_ie_len = resp_ie_len; 524 }
525 memcpy((void *)ev->cr.resp_ie, resp_ie, resp_ie_len); 525 if (resp_ie_len) {
526 ev->cr.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len;
527 ev->cr.resp_ie_len = resp_ie_len;
528 memcpy((void *)ev->cr.resp_ie, resp_ie, resp_ie_len);
529 }
526 ev->cr.status = status; 530 ev->cr.status = status;
527 531
528 spin_lock_irqsave(&wdev->event_lock, flags); 532 spin_lock_irqsave(&wdev->event_lock, flags);