mac80211: check DSSS params IE length in parser

It's always just one byte, so check for that and
remove the length field from the parser struct.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 5ab32e2..2a0b218 100644 (file)
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -463,7 +463,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
        struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band];
        bool rates_updated = false;
 
-       if (elems->ds_params && elems->ds_params_len == 1)
+       if (elems->ds_params)
                freq = ieee80211_channel_to_frequency(elems->ds_params[0],
                                                      band);
        else

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index bb4bfe4..eccd1d8 100644 (file)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1186,7 +1186,6 @@ struct ieee802_11_elems {
        /* length of them, respectively */
        u8 ssid_len;
        u8 supp_rates_len;
-       u8 ds_params_len;
        u8 tim_len;
        u8 challenge_len;
        u8 rsn_len;

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index aead541..0acc287 100644 (file)
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -907,7 +907,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
            (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE))
                return;
 
-       if (elems.ds_params && elems.ds_params_len == 1)
+       if (elems.ds_params)
                freq = ieee80211_channel_to_frequency(elems.ds_params[0], band);
        else
                freq = rx_status->freq;

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index e12fedc..f76c58f 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2695,7 +2695,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
                }
        }
 
-       if (elems->ds_params && elems->ds_params_len == 1)
+       if (elems->ds_params)
                freq = ieee80211_channel_to_frequency(elems->ds_params[0],
                                                      rx_status->band);
        else

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 2708b27..0f7d1c2 100644 (file)
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -739,8 +739,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
                        elems->supp_rates_len = elen;
                        break;
                case WLAN_EID_DS_PARAMS:
-                       elems->ds_params = pos;
-                       elems->ds_params_len = elen;
+                       if (elen >= 1)
+                               elems->ds_params = pos;
+                       else
+                               elem_parse_failed = true;
                        break;
                case WLAN_EID_TIM:
                        if (elen >= sizeof(struct ieee80211_tim_ie)) {