Simplify DSSS Parameter Set element parsing

Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the only allowed element length is one.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ap_list.c b/src/ap/ap_list.c
index 04a56a95efd91b903fa2112acb932648b881b660..8cccd833adc7b425476f6f04914270da52fd575b 100644 (file)
--- a/src/ap/ap_list.c
+++ b/src/ap/ap_list.c
@@ -198,7 +198,7 @@ void ap_list_process_beacon(struct hostapd_iface *iface,
        else
                ap->erp = -1;
 
-       if (elems->ds_params && elems->ds_params_len == 1)
+       if (elems->ds_params)
                ap->channel = elems->ds_params[0];
        else if (elems->ht_operation && elems->ht_operation_len >= 1)
                ap->channel = elems->ht_operation[0];

diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index ad371f424b608f0aa84665120df27b092b9a8ca9..700985595847f748bb787f5038c689c9dc57a045 100644 (file)
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -588,7 +588,7 @@ void handle_probe_req(struct hostapd_data *hapd,
         * is less likely to see them (Probe Request frame sent on a
         * neighboring, but partially overlapping, channel).
         */
-       if (elems.ds_params && elems.ds_params_len == 1 &&
+       if (elems.ds_params &&
            hapd->iface->current_mode &&
            (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G ||
             hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211B) &&

diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 350e955803398e577a2903cc99e803604c388e77..140f9207023c0aa3b4a2ec431e3f4a4de4485453 100644 (file)
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -211,8 +211,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
                        elems->supp_rates_len = elen;
                        break;
                case WLAN_EID_DS_PARAMS:
+                       if (elen < 1)
+                               break;
                        elems->ds_params = pos;
-                       elems->ds_params_len = elen;
                        break;
                case WLAN_EID_CF_PARAMS:
                case WLAN_EID_TIM:

diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index 7f0b296d2b00a340863c3afcb568cb47dc8edb76..0a71bc86f5fa34c4791cfe37b0c4c9e1f91ecfd9 100644 (file)
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -51,7 +51,6 @@ struct ieee802_11_elems {
 
        u8 ssid_len;
        u8 supp_rates_len;
-       u8 ds_params_len;
        u8 challenge_len;
        u8 erp_info_len;
        u8 ext_supp_rates_len;

diff --git a/src/p2p/p2p_parse.c b/src/p2p/p2p_parse.c
index def41ff51d37197100e62456d080ce1bca84c759..980dddf12f12bb53644ea844f7e0fd16096348b5 100644 (file)
--- a/src/p2p/p2p_parse.c
+++ b/src/p2p/p2p_parse.c
@@ -516,7 +516,7 @@ int p2p_parse_ies(const u8 *data, size_t len, struct p2p_message *msg)
        struct ieee802_11_elems elems;
 
        ieee802_11_parse_elems(data, len, &elems, 0);
-       if (elems.ds_params && elems.ds_params_len >= 1)
+       if (elems.ds_params)
                msg->ds_params = elems.ds_params;
        if (elems.ssid)
                msg->ssid = elems.ssid - 2;