Commit 08519034 authored by Jes Sorensen's avatar Jes Sorensen Committed by Greg Kroah-Hartman

staging: rtl8723au: issue_probersp(): Do not copy the IEs in front of probe_resp data

Another case where the driver was copying IEs in front of the
probe_resp data in the management frame, when running in AP mode. This
would result in badly corrupted frames hitting the wire - ouf ouf ouf!
Signed-off-by: default avatarJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 5d43182b
...@@ -2544,7 +2544,7 @@ static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da, ...@@ -2544,7 +2544,7 @@ static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da,
struct xmit_frame *pmgntframe; struct xmit_frame *pmgntframe;
struct pkt_attrib *pattrib; struct pkt_attrib *pattrib;
unsigned char *pframe; unsigned char *pframe;
struct ieee80211_hdr *pwlanhdr; struct ieee80211_mgmt *mgmt;
unsigned char *mac, *bssid; unsigned char *mac, *bssid;
struct xmit_priv *pxmitpriv = &padapter->xmitpriv; struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
#ifdef CONFIG_8723AU_AP_MODE #ifdef CONFIG_8723AU_AP_MODE
...@@ -2564,6 +2564,9 @@ static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da, ...@@ -2564,6 +2564,9 @@ static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da,
/* DBG_8723A("%s\n", __func__); */ /* DBG_8723A("%s\n", __func__); */
if (cur_network->IELength > MAX_IE_SZ)
return;
pmgntframe = alloc_mgtxmitframe23a(pxmitpriv); pmgntframe = alloc_mgtxmitframe23a(pxmitpriv);
if (!pmgntframe) { if (!pmgntframe) {
DBG_8723A("%s, alloc mgnt frame fail\n", __func__); DBG_8723A("%s, alloc mgnt frame fail\n", __func__);
...@@ -2577,28 +2580,35 @@ static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da, ...@@ -2577,28 +2580,35 @@ static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da,
memset(pmgntframe->buf_addr, 0, WLANHDR_OFFSET + TXDESC_OFFSET); memset(pmgntframe->buf_addr, 0, WLANHDR_OFFSET + TXDESC_OFFSET);
pframe = (u8 *)pmgntframe->buf_addr + TXDESC_OFFSET; pframe = (u8 *)pmgntframe->buf_addr + TXDESC_OFFSET;
pwlanhdr = (struct ieee80211_hdr *)pframe; mgmt = (struct ieee80211_mgmt *)pframe;
mac = myid(&padapter->eeprompriv); mac = myid(&padapter->eeprompriv);
bssid = cur_network->MacAddress; bssid = cur_network->MacAddress;
pwlanhdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | mgmt->frame_control =
IEEE80211_STYPE_PROBE_RESP); cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_PROBE_RESP);
ether_addr_copy(pwlanhdr->addr1, da); ether_addr_copy(mgmt->da, da);
ether_addr_copy(pwlanhdr->addr2, mac); ether_addr_copy(mgmt->sa, mac);
ether_addr_copy(pwlanhdr->addr3, bssid); ether_addr_copy(mgmt->bssid, bssid);
pwlanhdr->seq_ctrl = mgmt->seq_ctrl = cpu_to_le16(IEEE80211_SN_TO_SEQ(pmlmeext->mgnt_seq));
cpu_to_le16(IEEE80211_SN_TO_SEQ(pmlmeext->mgnt_seq));
pmlmeext->mgnt_seq++; pmlmeext->mgnt_seq++;
pattrib->hdrlen = sizeof(struct ieee80211_hdr_3addr); pattrib->hdrlen = sizeof(struct ieee80211_hdr_3addr);
pattrib->pktlen = pattrib->hdrlen;
pframe += pattrib->hdrlen;
if (cur_network->IELength > MAX_IE_SZ) /* timestamp will be inserted by hardware */
return; put_unaligned_le16(cur_network->beacon_interval,
&mgmt->u.probe_resp.beacon_int);
put_unaligned_le16(cur_network->capability,
&mgmt->u.probe_resp.capab_info);
pframe = mgmt->u.probe_resp.variable;
pattrib->pktlen =
offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
/* below for ad-hoc mode */
#ifdef CONFIG_8723AU_AP_MODE #ifdef CONFIG_8723AU_AP_MODE
if ((pmlmeinfo->state & 0x03) == WIFI_FW_AP_STATE) { if ((pmlmeinfo->state & 0x03) == WIFI_FW_AP_STATE) {
...@@ -2682,29 +2692,6 @@ static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da, ...@@ -2682,29 +2692,6 @@ static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da,
} else } else
#endif #endif
{ {
/* timestamp will be inserted by hardware */
pframe += 8;
pattrib->pktlen += 8;
/* beacon interval: 2 bytes */
memcpy(pframe, (unsigned char *)
rtw_get_beacon_interval23a_from_ie(cur_network->IEs), 2);
pframe += 2;
pattrib->pktlen += 2;
/* capability info: 2 bytes */
memcpy(pframe, (unsigned char *)
rtw_get_capability23a_from_ie(cur_network->IEs), 2);
pframe += 2;
pattrib->pktlen += 2;
/* below for ad-hoc mode */
/* SSID */ /* SSID */
pframe = rtw_set_ie23a(pframe, WLAN_EID_SSID, pframe = rtw_set_ie23a(pframe, WLAN_EID_SSID,
cur_network->Ssid.ssid_len, cur_network->Ssid.ssid_len,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment