mac80211: check power constraint IE size when parsing

The power constraint IE is always a single byte
so check the size when parsing instead of later.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index e2ab03c773e38713004c385dd200c8c7726c90f8..b95fa256d438d299e6c4c7b0ee74c793831ce399 100644 (file)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1165,7 +1165,6 @@ struct ieee802_11_elems {
        u8 prep_len;
        u8 perr_len;
        u8 country_elem_len;
-       u8 pwr_constr_elem_len;
        u8 quiet_elem_len;
        u8 num_of_quiet_elem;   /* can be more the one */
        u8 timeout_int_len;

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 6e374cb04af68336341c4dee0e1d247025664974..87466942fa825385cb48c509486d2e908bfd0708 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -821,18 +821,13 @@ void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
 }
 
 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
-                                       u16 capab_info, u8 *pwr_constr_elem,
-                                       u8 pwr_constr_elem_len)
+                                       u16 capab_info, u8 *pwr_constr_elem)
 {
        struct ieee80211_conf *conf = &sdata->local->hw.conf;
 
        if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT))
                return;
 
-       /* Power constraint IE length should be 1 octet */
-       if (pwr_constr_elem_len != 1)
-               return;
-
        if ((*pwr_constr_elem <= conf->channel->max_reg_power) &&
            (*pwr_constr_elem != sdata->local->power_constr_level)) {
                sdata->local->power_constr_level = *pwr_constr_elem;
@@ -2552,8 +2547,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
                if (elems.pwr_constr_elem)
                        ieee80211_handle_pwr_constr(sdata,
                                le16_to_cpu(mgmt->u.probe_resp.capab_info),
-                               elems.pwr_constr_elem,
-                               elems.pwr_constr_elem_len);
+                               elems.pwr_constr_elem);
        }
 
        ieee80211_bss_info_change_notify(sdata, changed);

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 471fb0516c99453b3543a2c47b82476594e83f34..ed7543960b16b4574ab8032415636182493d231b 100644 (file)
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -792,8 +792,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
                        elems->country_elem_len = elen;
                        break;
                case WLAN_EID_PWR_CONSTRAINT:
+                       if (elen != 1) {
+                               elem_parse_failed = true;
+                               break;
+                       }
                        elems->pwr_constr_elem = pos;
-                       elems->pwr_constr_elem_len = elen;
                        break;
                case WLAN_EID_TIMEOUT_INTERVAL:
                        elems->timeout_int = pos;