Simplify Timeout Interval element parsing
Remove the length field from struct ieee802_11_elems since the only allowed element length is five and that is checked by the parser. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
e8997b9407
commit
b39a05913a
4 changed files with 3 additions and 7 deletions
|
@ -263,7 +263,6 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
|
||||||
if (elen != 5)
|
if (elen != 5)
|
||||||
break;
|
break;
|
||||||
elems->timeout_int = pos;
|
elems->timeout_int = pos;
|
||||||
elems->timeout_int_len = elen;
|
|
||||||
break;
|
break;
|
||||||
case WLAN_EID_HT_CAP:
|
case WLAN_EID_HT_CAP:
|
||||||
elems->ht_capabilities = pos;
|
elems->ht_capabilities = pos;
|
||||||
|
|
|
@ -61,7 +61,6 @@ struct ieee802_11_elems {
|
||||||
u8 supp_channels_len;
|
u8 supp_channels_len;
|
||||||
u8 mdie_len;
|
u8 mdie_len;
|
||||||
u8 ftie_len;
|
u8 ftie_len;
|
||||||
u8 timeout_int_len;
|
|
||||||
u8 ht_capabilities_len;
|
u8 ht_capabilities_len;
|
||||||
u8 ht_operation_len;
|
u8 ht_operation_len;
|
||||||
u8 mesh_config_len;
|
u8 mesh_config_len;
|
||||||
|
|
|
@ -348,7 +348,6 @@ static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
|
||||||
"AssocResp from " MACSTR,
|
"AssocResp from " MACSTR,
|
||||||
MAC2STR(mgmt->sa));
|
MAC2STR(mgmt->sa));
|
||||||
} else if (elems.timeout_int == NULL ||
|
} else if (elems.timeout_int == NULL ||
|
||||||
elems.timeout_int_len != 5 ||
|
|
||||||
elems.timeout_int[0] !=
|
elems.timeout_int[0] !=
|
||||||
WLAN_TIMEOUT_ASSOC_COMEBACK) {
|
WLAN_TIMEOUT_ASSOC_COMEBACK) {
|
||||||
add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
|
add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
|
||||||
|
@ -481,7 +480,6 @@ static void rx_mgmt_reassoc_resp(struct wlantest *wt, const u8 *data,
|
||||||
"ReassocResp from " MACSTR,
|
"ReassocResp from " MACSTR,
|
||||||
MAC2STR(mgmt->sa));
|
MAC2STR(mgmt->sa));
|
||||||
} else if (elems.timeout_int == NULL ||
|
} else if (elems.timeout_int == NULL ||
|
||||||
elems.timeout_int_len != 5 ||
|
|
||||||
elems.timeout_int[0] !=
|
elems.timeout_int[0] !=
|
||||||
WLAN_TIMEOUT_ASSOC_COMEBACK) {
|
WLAN_TIMEOUT_ASSOC_COMEBACK) {
|
||||||
add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
|
add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
|
||||||
|
|
|
@ -147,7 +147,7 @@ static int tdls_verify_mic(struct wlantest *wt, struct wlantest_tdls *tdls,
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
len = 2 * ETH_ALEN + 1 + 2 + 18 + 2 + elems->rsn_ie_len +
|
len = 2 * ETH_ALEN + 1 + 2 + 18 + 2 + elems->rsn_ie_len +
|
||||||
2 + elems->timeout_int_len + 2 + elems->ftie_len;
|
2 + 5 + 2 + elems->ftie_len;
|
||||||
|
|
||||||
buf = os_zalloc(len);
|
buf = os_zalloc(len);
|
||||||
if (buf == NULL)
|
if (buf == NULL)
|
||||||
|
@ -169,8 +169,8 @@ static int tdls_verify_mic(struct wlantest *wt, struct wlantest_tdls *tdls,
|
||||||
os_memcpy(pos, elems->rsn_ie - 2, 2 + elems->rsn_ie_len);
|
os_memcpy(pos, elems->rsn_ie - 2, 2 + elems->rsn_ie_len);
|
||||||
pos += 2 + elems->rsn_ie_len;
|
pos += 2 + elems->rsn_ie_len;
|
||||||
/* 6) Timeout Interval IE */
|
/* 6) Timeout Interval IE */
|
||||||
os_memcpy(pos, elems->timeout_int - 2, 2 + elems->timeout_int_len);
|
os_memcpy(pos, elems->timeout_int - 2, 2 + 5);
|
||||||
pos += 2 + elems->timeout_int_len;
|
pos += 2 + 5;
|
||||||
/* 7) FTIE, with the MIC field of the FTIE set to 0 */
|
/* 7) FTIE, with the MIC field of the FTIE set to 0 */
|
||||||
os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
|
os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
|
||||||
pos += 2;
|
pos += 2;
|
||||||
|
|
Loading…
Reference in a new issue