]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c18aef6)
MLD: Support multiple TBTT Information fields in RNR elements
authorBen Greear <greearb@candelatech.com>
Sat, 28 Oct 2023 23:24:35 +0000 (16:24 -0700)
committerJouni Malinen <j@w1.fi>
Tue, 7 Nov 2023 17:38:06 +0000 (19:38 +0200)
The Reduced Neighbor Report element can include one or more TBTT
Information fields.  Only the first one was parsed previously. Extend
this to use a loop to go through all included TBTT Information fields.

Signed-off-by: Ben Greear <greearb@candelatech.com>
wpa_supplicant/sme.c patch | blob | blame | history

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index adb0ee46a29236d6bcf100a700baabee72ffaede..e6888f5671c534539d7916991bd12c1a47a3d902 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -435,9 +435,18 @@ static void wpas_process_rnr(struct wpa_supplicant *wpa_s, const u8 *pos,
        while (rnr_ie_len > sizeof(struct ieee80211_neighbor_ap_info)) {
                const struct ieee80211_neighbor_ap_info *ap_info =
                        (const struct ieee80211_neighbor_ap_info *) pos;
+               /* The first TBTT Information field */
                const u8 *data = ap_info->data;
-               size_t len = sizeof(struct ieee80211_neighbor_ap_info) +
-                       ap_info->tbtt_info_len;
+               u8 tbtt_count;
+               size_t len;
+               int tbtt_i;
+
+               if (rnr_ie_len < sizeof(struct ieee80211_neighbor_ap_info))
+                       break;
+
+               tbtt_count = (ap_info->tbtt_info_hdr >> 4) + 1;
+               len = sizeof(struct ieee80211_neighbor_ap_info) +
+                       ap_info->tbtt_info_len * tbtt_count;
 
                wpa_printf(MSG_DEBUG, "MLD: op_class=%u, channel=%u",
                           ap_info->op_class, ap_info->channel);
@@ -451,7 +460,10 @@ static void wpas_process_rnr(struct wpa_supplicant *wpa_s, const u8 *pos,
                        continue;
                }
 
-               wpas_process_tbtt_info(wpa_s, data);
+               for (tbtt_i = 0; tbtt_i < tbtt_count; tbtt_i++) {
+                       wpas_process_tbtt_info(wpa_s, data);
+                       data += ap_info->tbtt_info_len;
+               }
 
                rnr_ie_len -= len;
                pos += len;
Unnamed repository; edit this file 'description' to name the repository.