From e8997b94075f1faa1fda1d4d7bb23b7cd300de11 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 19 Apr 2015 16:35:52 +0300
Subject: [PATCH] Simplify ERP element parsing

Check the element length in the parser and remove the length field from struct ieee802_11_elems since the only allowed element length is one.

Signed-off-by: Jouni Malinen
---
 src/ap/ap_list.c | 2 +-
 src/common/ieee802_11_common.c | 3 ++-
 src/common/ieee802_11_common.h | 1 -
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ap/ap_list.c b/src/ap/ap_list.c
index 8cccd833a..47a2c4bd7 100644
--- a/src/ap/ap_list.c
+++ b/src/ap/ap_list.c
@@ -193,7 +193,7 @@ void ap_list_process_beacon(struct hostapd_iface *iface,
 elems->supp_rates, elems->supp_rates_len, elems->ext_supp_rates, elems->ext_supp_rates_len);
- if (elems->erp_info && elems->erp_info_len == 1)
+ if (elems->erp_info)
 ap->erp = elems->erp_info[0];
 else
 ap->erp = -1;
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 140f92070..69ffa8f4c 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -223,8 +223,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
 elems->challenge_len = elen;
 break;
 case WLAN_EID_ERP_INFO:
+ if (elen < 1)
+ break;
 elems->erp_info = pos;
- elems->erp_info_len = elen;
 break;
 case WLAN_EID_EXT_SUPP_RATES:
 elems->ext_supp_rates = pos;
diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index 0a71bc86f..ae99f7f5d 100644
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -52,7 +52,6 @@ struct ieee802_11_elems {
 u8 ssid_len;
 u8 supp_rates_len;
 u8 challenge_len;
- u8 erp_info_len;
 u8 ext_supp_rates_len;
 u8 wpa_ie_len;
 u8 rsn_ie_len;
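Review bot: In the src/ap/ap_list.c hunk, the read of `elems->erp_info[0]` is now safe only because ieee802_11_parse_elems() leaves the pointer unset for an empty element, and nothing at the call site records that dependency. With the length field removed from the struct, this consumer can no longer check the size itself, so a later change to the parser case, or any other code that fills struct ieee802_11_elems, would turn this into an unchecked one-octet read. I would add a comment above the test, `/* erp_info is only set by the parser when the element holds at least one octet */`. ap_list_process_beacon() starts and ends outside the hunk.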
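Review bot: In the src/common/ieee802_11_common.c hunk, the new guard in the WLAN_EID_ERP_INFO case rejects only an empty element, while the commit message says the only allowed length is one and the removed caller check required exactly one. With `if (elen < 1)` an ERP element carrying extra octets is now accepted and its first octet ends up in `ap->erp`, where the old code stored -1. The read itself stays within the element, presumably bounded by the frame-length check done earlier in the parser loop (not visible here), so this is a question of strictness rather than memory safety. If exact length is intended, use `if (elen != 1) break;`. If longer elements are tolerated on purpose, add `/* accept longer elements; only the first octet is used */`. The switch and the enclosing function continue outside the hunk.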