Do not add extra IEs to scan request if they do not fit driver limit
authorJouni Malinen <j@w1.fi>
Fri, 27 Dec 2024 20:36:29 +0000 (22:36 +0200)
committerJouni Malinen <j@w1.fi>
Fri, 27 Dec 2024 20:36:29 +0000 (22:36 +0200)
For now, each separate IE is being checked on its own, so this is not a
complete check on the total length, but a useful step in avoiding some
known issues with drivers that do not support any IEs being added. A
more complete validation would need rules on determining which IE is of
higher priority than the other ones, but that might not be needed unless
there are drivers that have a nonzero, but still quite small, limit on
extra IEs.

Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant/mbo.c
wpa_supplicant/mesh.c
wpa_supplicant/scan.c

index 51f8e021287aec1d09a45028f842c7bcdc245e2f..dff75415df6e7a2b69b395141d912afdeec807f7 100644 (file)
@@ -460,6 +460,10 @@ void wpas_mbo_scan_ie(struct wpa_supplicant *wpa_s, struct wpabuf *ie)
 {
        u8 *len;
 
+       if (wpa_s->drv_max_probe_req_ie_len <
+           9 + ((wpa_s->enable_oce & OCE_STA) ? 3 : 0))
+               return;
+
        wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
        len = wpabuf_put(ie, 1);
 
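Review bot: The literals `9` and `3` in the new guard at the top of wpas_mbo_scan_ie() are undocumented, yet they have to equal the number of bytes the rest of the function appends, and that code lies outside this hunk. If an attribute is later added to the MBO/OCE element without updating them, the guard will pass an element larger than the driver accepts. I would add a comment above the check such as `/* 9 = vendor element header, OUI/type and fixed attribute; +3 = OCE attribute; keep in sync with the puts below */`, with the breakdown confirmed against the body. Named constants shared with the code that writes the bytes would be more robust.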
index 79ca29ba40e93f4cf918b738df6b1fed460d3298..869f0b39f8f18a7b2ca6501acc15a959b4913db2 100644 (file)
@@ -605,7 +605,8 @@ void wpa_supplicant_mesh_add_scan_ie(struct wpa_supplicant *wpa_s,
        /* EID + 0-length (wildcard) mesh-id */
        size_t ielen = 2;
 
-       if (wpabuf_resize(extra_ie, ielen) == 0) {
+       if (ielen <= wpa_s->drv_max_probe_req_ie_len &&
+           wpabuf_resize(extra_ie, ielen) == 0) {
                wpabuf_put_u8(*extra_ie, WLAN_EID_MESH_ID);
                wpabuf_put_u8(*extra_ie, 0);
        }
index 46dfcf24b1435d7ffe319ead687453d1dbcdf34e..ccedcc9542c26d05109530a1405bc0e2a4caecea 100644 (file)
@@ -750,17 +750,20 @@ static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s)
        ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
                                             sizeof(ext_capab), NULL);
        if (ext_capab_len > 0 &&
+           (size_t) ext_capab_len < wpa_s->drv_max_probe_req_ie_len &&
            wpabuf_resize(&extra_ie, ext_capab_len) == 0)
                wpabuf_put_data(extra_ie, ext_capab, ext_capab_len);
 
 #ifdef CONFIG_INTERWORKING
        if (wpa_s->conf->interworking &&
+           wpa_s->drv_max_probe_req_ie_len >= 2 &&
            wpabuf_resize(&extra_ie, 100) == 0)
                wpas_add_interworking_elements(wpa_s, extra_ie);
 #endif /* CONFIG_INTERWORKING */
 
 #ifdef CONFIG_MBO
-       if (wpa_s->enable_oce & OCE_STA)
+       if ((wpa_s->enable_oce & OCE_STA) &&
+           wpa_s->drv_max_probe_req_ie_len >= 5)
                wpas_fils_req_param_add_max_channel(wpa_s, &extra_ie);
 #endif /* CONFIG_MBO */
 
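Review bot: The Interworking guard `wpa_s->drv_max_probe_req_ie_len >= 2` only excludes limits of 0 and 1, while the following line reserves 100 bytes for whatever wpas_add_interworking_elements() writes. That helper's body is not visible here, but if it can emit more than two bytes, a driver with a small nonzero limit still receives an element it cannot accept. The bound should be the largest size the helper can produce, or the helper should report its required length so the caller can compare it like the other elements. Separately, the ext_capab test uses `<` where every other check in this commit uses `<=` or `>=`, so an element exactly at the limit is dropped; `(size_t) ext_capab_len <= wpa_s->drv_max_probe_req_ie_len &&` would be consistent.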
@@ -774,17 +777,19 @@ static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s)
                                                &wpa_s->wps->dev,
                                                wpa_s->wps->uuid, req_type,
                                                0, NULL);
-               if (wps_ie) {
-                       if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0)
-                               wpabuf_put_buf(extra_ie, wps_ie);
-                       wpabuf_free(wps_ie);
-               }
+               if (wps_ie &&
+                   wpabuf_len(wps_ie) <= wpa_s->drv_max_probe_req_ie_len &&
+                   wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0)
+                       wpabuf_put_buf(extra_ie, wps_ie);
+               wpabuf_free(wps_ie);
        }
 
 #ifdef CONFIG_P2P
        if (wps) {
                size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p);
-               if (wpabuf_resize(&extra_ie, ielen) == 0)
+
+               if (ielen <= wpa_s->drv_max_probe_req_ie_len &&
+                   wpabuf_resize(&extra_ie, ielen) == 0)
                        wpas_p2p_scan_ie(wpa_s, extra_ie);
        }
 #endif /* CONFIG_P2P */
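Review bot: When the WPS or P2P IE exceeds `drv_max_probe_req_ie_len` it is now silently left out of the Probe Request, so a failed WPS/P2P discovery on a limited driver leaves no trace in the debug log. An `else` branch in each case with something like `wpa_printf(MSG_DEBUG, "WPS: Probe Request IE omitted - exceeds driver limit");` would make the omission diagnosable. Also, `wpabuf_free(wps_ie);` is now reached when `wps_ie` is NULL, which relies on wpabuf_free() accepting NULL; a short comment saying so would keep a later reader from restoring the old nesting.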
@@ -794,12 +799,14 @@ static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s)
 #endif /* CONFIG_WPS */
 
 #ifdef CONFIG_HS20
-       if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 9) == 0)
+       if (wpa_s->conf->hs20 && wpa_s->drv_max_probe_req_ie_len >= 9 &&
+           wpabuf_resize(&extra_ie, 9) == 0)
                wpas_hs20_add_indication(extra_ie, -1, 0);
 #endif /* CONFIG_HS20 */
 
 #ifdef CONFIG_FST
        if (wpa_s->fst_ies &&
+           wpa_s->drv_max_probe_req_ie_len >= wpabuf_len(wpa_s->fst_ies) &&
            wpabuf_resize(&extra_ie, wpabuf_len(wpa_s->fst_ies)) == 0)
                wpabuf_put_buf(extra_ie, wpa_s->fst_ies);
 #endif /* CONFIG_FST */
@@ -813,7 +820,8 @@ static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s)
        if (wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]) {
                struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ];
 
-               if (wpabuf_resize(&extra_ie, wpabuf_len(buf)) == 0)
+               if (wpa_s->drv_max_probe_req_ie_len >= wpabuf_len(buf) &&
+                   wpabuf_resize(&extra_ie, wpabuf_len(buf)) == 0)
                        wpabuf_put_buf(extra_ie, buf);
        }