From 018da8b60688caec763d75cc6fb022a165028cea Mon Sep 17 00:00:00 2001 From: Martin Kaiser Date: Sat, 26 Nov 2022 17:01:24 +0100 Subject: [PATCH] staging: r8188eu: use ie buffer in update_beacon_info The update_beacon_info function parses information elements of a beacon message. It should take the pointer to the information elements and their total length, not the entire beacon message. Tested-by: Philipp Hortmann # Edimax N150 Signed-off-by: Martin Kaiser Link: https://lore.kernel.org/r/20221126160129.178697-6-martin@kaiser.cx Signed-off-by: Greg Kroah-Hartman --- drivers/staging/r8188eu/core/rtw_mlme_ext.c | 4 ++-- drivers/staging/r8188eu/core/rtw_wlan_util.c | 9 +++------ drivers/staging/r8188eu/include/rtw_mlme_ext.h | 3 +-- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/drivers/staging/r8188eu/core/rtw_mlme_ext.c b/drivers/staging/r8188eu/core/rtw_mlme_ext.c index 07c57a2..38dc98c 100644 --- a/drivers/staging/r8188eu/core/rtw_mlme_ext.c +++ b/drivers/staging/r8188eu/core/rtw_mlme_ext.c @@ -604,7 +604,7 @@ static void OnBeacon(struct adapter *padapter, struct recv_frame *precv_frame) /* update WMM, ERP in the beacon */ /* todo: the timer is used instead of the number of the beacon received */ if ((sta_rx_pkts(psta) & 0xf) == 0) - update_beacon_info(padapter, pframe, len, psta); + update_beacon_info(padapter, ie_ptr, ie_len, psta); process_p2p_ps_ie(padapter, ie_ptr, ie_len); } } else if ((pmlmeinfo->state & 0x03) == WIFI_FW_ADHOC_STATE) { @@ -613,7 +613,7 @@ static void OnBeacon(struct adapter *padapter, struct recv_frame *precv_frame) /* update WMM, ERP in the beacon */ /* todo: the timer is used instead of the number of the beacon received */ if ((sta_rx_pkts(psta) & 0xf) == 0) - update_beacon_info(padapter, pframe, len, psta); + update_beacon_info(padapter, ie_ptr, ie_len, psta); } else { /* allocate a new CAM entry for IBSS station */ cam_idx = allocate_fw_sta_entry(padapter); diff --git a/drivers/staging/r8188eu/core/rtw_wlan_util.c b/drivers/staging/r8188eu/core/rtw_wlan_util.c index 965bb7d..da3465d 100644 --- a/drivers/staging/r8188eu/core/rtw_wlan_util.c +++ b/drivers/staging/r8188eu/core/rtw_wlan_util.c @@ -1035,16 +1035,13 @@ _mismatch: return _FAIL; } -void update_beacon_info(struct adapter *padapter, u8 *pframe, uint pkt_len, struct sta_info *psta) +void update_beacon_info(struct adapter *padapter, u8 *ie_ptr, uint ie_len, struct sta_info *psta) { unsigned int i; - unsigned int len; struct ndis_802_11_var_ie *pIE; - len = pkt_len - (_BEACON_IE_OFFSET_ + WLAN_HDR_A3_LEN); - - for (i = 0; i < len;) { - pIE = (struct ndis_802_11_var_ie *)(pframe + (_BEACON_IE_OFFSET_ + WLAN_HDR_A3_LEN) + i); + for (i = 0; i < ie_len;) { + pIE = (struct ndis_802_11_var_ie *)(ie_ptr + i); switch (pIE->ElementID) { case _HT_EXTRA_INFO_IE_: /* HT info */ diff --git a/drivers/staging/r8188eu/include/rtw_mlme_ext.h b/drivers/staging/r8188eu/include/rtw_mlme_ext.h index 089bd54..6724424 100644 --- a/drivers/staging/r8188eu/include/rtw_mlme_ext.h +++ b/drivers/staging/r8188eu/include/rtw_mlme_ext.h @@ -447,8 +447,7 @@ void HTOnAssocRsp(struct adapter *padapter); void ERP_IE_handler(struct adapter *padapter, struct ndis_802_11_var_ie *pIE); void VCS_update(struct adapter *padapter, struct sta_info *psta); -void update_beacon_info(struct adapter *padapter, u8 *pframe, uint len, - struct sta_info *psta); +void update_beacon_info(struct adapter *padapter, u8 *ie_ptr, uint ie_len, struct sta_info *psta); int rtw_check_bcn_info(struct adapter *Adapter, u8 *pframe, u32 packet_len); void update_IOT_info(struct adapter *padapter); void update_capinfo(struct adapter *adapter, u16 updatecap); -- 2.7.4