Simplify HT Operation element parsing

Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ap_list.c b/src/ap/ap_list.c
index 47a2c4b..78a1f7c 100644 (file)
--- a/src/ap/ap_list.c
+++ b/src/ap/ap_list.c
@@ -200,7 +200,7 @@ void ap_list_process_beacon(struct hostapd_iface *iface,
 
        if (elems->ds_params)
                ap->channel = elems->ds_params[0];
-       else if (elems->ht_operation && elems->ht_operation_len >= 1)
+       else if (elems->ht_operation)
                ap->channel = elems->ht_operation[0];
        else if (fi)
                ap->channel = fi->channel;

diff --git a/src/common/hw_features_common.c b/src/common/hw_features_common.c
index 8f90fff..e61f824 100644 (file)
--- a/src/common/hw_features_common.c
+++ b/src/common/hw_features_common.c
@@ -152,8 +152,7 @@ void get_pri_sec_chan(struct wpa_scan_res *bss, int *pri_chan, int *sec_chan)
        *pri_chan = *sec_chan = 0;
 
        ieee802_11_parse_elems((u8 *) (bss + 1), bss->ie_len, &elems, 0);
-       if (elems.ht_operation &&
-           elems.ht_operation_len >= sizeof(*oper)) {
+       if (elems.ht_operation) {
                oper = (struct ieee80211_ht_operation *) elems.ht_operation;
                *pri_chan = oper->primary_chan;
                if (oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) {
@@ -253,8 +252,7 @@ int check_20mhz_bss(struct wpa_scan_res *bss, int pri_freq, int start, int end)
                return 1;
        }
 
-       if (elems.ht_operation &&
-           elems.ht_operation_len >= sizeof(*oper)) {
+       if (elems.ht_operation) {
                oper = (struct ieee80211_ht_operation *) elems.ht_operation;
                if (oper->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)
                        return 0;

diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 922dea0..85d6ca8 100644 (file)
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -270,8 +270,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
                        elems->ht_capabilities = pos;
                        break;
                case WLAN_EID_HT_OPERATION:
+                       if (elen < sizeof(struct ieee80211_ht_operation))
+                               break;
                        elems->ht_operation = pos;
-                       elems->ht_operation_len = elen;
                        break;
                case WLAN_EID_MESH_CONFIG:
                        elems->mesh_config = pos;

diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index 24e558e..33e60b2 100644 (file)
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -61,7 +61,6 @@ struct ieee802_11_elems {
        u8 supp_channels_len;
        u8 mdie_len;
        u8 ftie_len;
-       u8 ht_operation_len;
        u8 mesh_config_len;
        u8 mesh_id_len;
        u8 peer_mgmt_len;