staging: r8188eu: use ie buffer in update_beacon_info

The update_beacon_info function parses information elements of a beacon
message. It should take the pointer to the information elements and their
total length, not the entire beacon message.

Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com> # Edimax N150
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20221126160129.178697-6-martin@kaiser.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/r8188eu/core/rtw_mlme_ext.c b/drivers/staging/r8188eu/core/rtw_mlme_ext.c
index 07c57a2..38dc98c 100644 (file)
--- a/drivers/staging/r8188eu/core/rtw_mlme_ext.c
+++ b/drivers/staging/r8188eu/core/rtw_mlme_ext.c
@@ -604,7 +604,7 @@ static void OnBeacon(struct adapter *padapter, struct recv_frame *precv_frame)
                                /* update WMM, ERP in the beacon */
                                /* todo: the timer is used instead of the number of the beacon received */
                                if ((sta_rx_pkts(psta) & 0xf) == 0)
-                                       update_beacon_info(padapter, pframe, len, psta);
+                                       update_beacon_info(padapter, ie_ptr, ie_len, psta);
                                process_p2p_ps_ie(padapter, ie_ptr, ie_len);
                        }
                } else if ((pmlmeinfo->state & 0x03) == WIFI_FW_ADHOC_STATE) {
@@ -613,7 +613,7 @@ static void OnBeacon(struct adapter *padapter, struct recv_frame *precv_frame)
                                /* update WMM, ERP in the beacon */
                                /* todo: the timer is used instead of the number of the beacon received */
                                if ((sta_rx_pkts(psta) & 0xf) == 0)
-                                       update_beacon_info(padapter, pframe, len, psta);
+                                       update_beacon_info(padapter, ie_ptr, ie_len, psta);
                        } else {
                                /* allocate a new CAM entry for IBSS station */
                                cam_idx = allocate_fw_sta_entry(padapter);

diff --git a/drivers/staging/r8188eu/core/rtw_wlan_util.c b/drivers/staging/r8188eu/core/rtw_wlan_util.c
index 965bb7d..da3465d 100644 (file)
--- a/drivers/staging/r8188eu/core/rtw_wlan_util.c
+++ b/drivers/staging/r8188eu/core/rtw_wlan_util.c
@@ -1035,16 +1035,13 @@ _mismatch:
        return _FAIL;
 }
 
-void update_beacon_info(struct adapter *padapter, u8 *pframe, uint pkt_len, struct sta_info *psta)
+void update_beacon_info(struct adapter *padapter, u8 *ie_ptr, uint ie_len, struct sta_info *psta)
 {
        unsigned int i;
-       unsigned int len;
        struct ndis_802_11_var_ie *pIE;
 
-       len = pkt_len - (_BEACON_IE_OFFSET_ + WLAN_HDR_A3_LEN);
-
-       for (i = 0; i < len;) {
-               pIE = (struct ndis_802_11_var_ie *)(pframe + (_BEACON_IE_OFFSET_ + WLAN_HDR_A3_LEN) + i);
+       for (i = 0; i < ie_len;) {
+               pIE = (struct ndis_802_11_var_ie *)(ie_ptr + i);
 
                switch (pIE->ElementID) {
                case _HT_EXTRA_INFO_IE_:        /* HT info */

diff --git a/drivers/staging/r8188eu/include/rtw_mlme_ext.h b/drivers/staging/r8188eu/include/rtw_mlme_ext.h
index 089bd54..6724424 100644 (file)
--- a/drivers/staging/r8188eu/include/rtw_mlme_ext.h
+++ b/drivers/staging/r8188eu/include/rtw_mlme_ext.h
@@ -447,8 +447,7 @@ void HTOnAssocRsp(struct adapter *padapter);
 void ERP_IE_handler(struct adapter *padapter, struct ndis_802_11_var_ie *pIE);
 void VCS_update(struct adapter *padapter, struct sta_info *psta);
 
-void update_beacon_info(struct adapter *padapter, u8 *pframe, uint len,
-                       struct sta_info *psta);
+void update_beacon_info(struct adapter *padapter, u8 *ie_ptr, uint ie_len, struct sta_info *psta);
 int rtw_check_bcn_info(struct adapter  *Adapter, u8 *pframe, u32 packet_len);
 void update_IOT_info(struct adapter *padapter);
 void update_capinfo(struct adapter *adapter, u16 updatecap);