From 42f1ee7d1fae8a67a2a48adfda19f9aafc3fef32 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 5 Feb 2009 12:00:23 +0200 Subject: [PATCH] Fixed scan buffer increasing with WEXT We can now handle up to 65535 byte result buffer which is the maximum due to WEXT using 16-bit length field. Previously, this was limited to 32768 bytes in practice even through we tried with 65536 and 131072 buffers which we just truncated into 0 in the 16-bit variable. This more or less doubles the number of BSSes we can received from scan results. --- hostapd/driver_nl80211.c | 4 +++- src/drivers/driver_nl80211.c | 4 +++- src/drivers/driver_wext.c | 4 +++- wpa_supplicant/ChangeLog | 2 ++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/hostapd/driver_nl80211.c b/hostapd/driver_nl80211.c index 7946b1e17..3cb74d167 100644 --- a/hostapd/driver_nl80211.c +++ b/hostapd/driver_nl80211.c @@ -2291,10 +2291,12 @@ static int i802_get_ht_scan_res(struct i802_driver_data *drv) if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0) break; - if (errno == E2BIG && res_buf_len < 100000) { + if (errno == E2BIG && res_buf_len < 65535) { os_free(res_buf); res_buf = NULL; res_buf_len *= 2; + if (res_buf_len > 65535) + res_buf_len = 65535; /* 16-bit length field */ wpa_printf(MSG_DEBUG, "Scan results did not fit - " "trying larger buffer (%lu bytes)", (unsigned long) res_buf_len); diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 5e40cd235..2646270fc 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -1565,10 +1565,12 @@ static u8 * wpa_driver_nl80211_giwscan(struct wpa_driver_nl80211_data *drv, if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0) break; - if (errno == E2BIG && res_buf_len < 100000) { + if (errno == E2BIG && res_buf_len < 65535) { os_free(res_buf); res_buf = NULL; res_buf_len *= 2; + if (res_buf_len > 65535) + res_buf_len = 65535; /* 16-bit length field */ wpa_printf(MSG_DEBUG, "Scan results did not fit - " "trying larger buffer (%lu bytes)", (unsigned long) res_buf_len); diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c index b6273e537..631c63d0c 100644 --- a/src/drivers/driver_wext.c +++ b/src/drivers/driver_wext.c @@ -1140,10 +1140,12 @@ static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv, if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0) break; - if (errno == E2BIG && res_buf_len < 100000) { + if (errno == E2BIG && res_buf_len < 65535) { os_free(res_buf); res_buf = NULL; res_buf_len *= 2; + if (res_buf_len > 65535) + res_buf_len = 65535; /* 16-bit length field */ wpa_printf(MSG_DEBUG, "Scan results did not fit - " "trying larger buffer (%lu bytes)", (unsigned long) res_buf_len); diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog index 4be767028..1d46ff930 100644 --- a/wpa_supplicant/ChangeLog +++ b/wpa_supplicant/ChangeLog @@ -3,6 +3,8 @@ ChangeLog for wpa_supplicant ????-??-?? - v0.7.0 * increased wpa_cli ping interval to 5 seconds and made this configurable with a new command line options (-G) + * fixed scan buffer processing with WEXT to handle up to 65535 + byte result buffer (previously, limited to 32768 bytes) 2009-01-06 - v0.6.7 * added support for Wi-Fi Protected Setup (WPS)