From 79ba1d8910f517c3bd39d794ddb1a5b4c03795c4 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 27 Mar 2013 14:38:07 +0100 Subject: [PATCH] mac80211: parse Timeout Interval Element using a struct Instead of open-coding the accesses and length check do the length check in the IE parser and assign a struct pointer for use in the remaining code. Signed-off-by: Johannes Berg --- include/linux/ieee80211.h | 10 ++++++++++ net/mac80211/ieee80211_i.h | 3 +-- net/mac80211/mlme.c | 6 +++--- net/mac80211/util.c | 6 ++++-- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index d10b5bba3268..e46fea8b972e 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -1955,6 +1955,16 @@ enum ieee80211_timeout_interval_type { WLAN_TIMEOUT_ASSOC_COMEBACK = 3 /* 802.11w */, }; +/** + * struct ieee80211_timeout_interval_ie - Timeout Interval element + * @type: type, see &enum ieee80211_timeout_interval_type + * @value: timeout interval value + */ +struct ieee80211_timeout_interval_ie { + u8 type; + __le32 value; +} __packed; + /* BACK action code */ enum ieee80211_back_actioncode { WLAN_ACTION_ADDBA_REQ = 0, diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 6ad019d32623..c783e996bcce 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1180,7 +1180,7 @@ struct ieee802_11_elems { const struct ieee80211_channel_sw_ie *ch_switch_ie; const u8 *country_elem; const u8 *pwr_constr_elem; - const u8 *timeout_int; + const struct ieee80211_timeout_interval_ie *timeout_int; const u8 *opmode_notif; /* length of them, respectively */ @@ -1198,7 +1198,6 @@ struct ieee802_11_elems { u8 prep_len; u8 perr_len; u8 country_elem_len; - u8 timeout_int_len; /* whether a parse error occurred while retrieving these elements */ bool parse_error; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 157d951df7a4..304d6cfc6250 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -2629,10 +2629,10 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && - elems.timeout_int && elems.timeout_int_len == 5 && - elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { + elems.timeout_int && + elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { u32 tu, ms; - tu = get_unaligned_le32(elems.timeout_int + 1); + tu = le32_to_cpu(elems.timeout_int->value); ms = tu * 1024 / 1000; sdata_info(sdata, "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 4839dec5c9ac..f9581c6378ae 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -874,8 +874,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, elems->pwr_constr_elem = pos; break; case WLAN_EID_TIMEOUT_INTERVAL: - elems->timeout_int = pos; - elems->timeout_int_len = elen; + if (elen >= sizeof(struct ieee80211_timeout_interval_ie)) + elems->timeout_int = (void *)pos; + else + elem_parse_failed = true; break; default: break;