Simplify VHT Operation element parsing

Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 85d6ca8c568d1949a36ea4542cb4b074ab964997..7843e6fea3fb253a5606bb834f137e879c1529c0 100644 (file)
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -292,8 +292,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
                        elems->vht_capabilities = pos;
                        break;
                case WLAN_EID_VHT_OPERATION:
+                       if (elen < sizeof(struct ieee80211_vht_operation))
+                               break;
                        elems->vht_operation = pos;
-                       elems->vht_operation_len = elen;
                        break;
                case WLAN_EID_VHT_OPERATING_MODE_NOTIFICATION:
                        if (elen != 1)

diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index 33e60b270c849865bc8359a67dd5aa49a3f78d3c..c84d8a7485e84c7a4a6996c0c9fe386cbc5c6134 100644 (file)
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -64,7 +64,6 @@ struct ieee802_11_elems {
        u8 mesh_config_len;
        u8 mesh_id_len;
        u8 peer_mgmt_len;
-       u8 vht_operation_len;
        u8 vendor_ht_cap_len;
        u8 vendor_vht_len;
        u8 p2p_len;