Commit 113630b5 authored by Karthik D A's avatar Karthik D A Committed by Kalle Valo

mwifiex: vendor_ie length check for parse WMM IEs

While copying the vendor_ie obtained from the cfg80211_find_vendor_ie()
to the struct mwifiex_types_wmm_info, length/size was inappropriate.
This patch corrects the required length needed to the
mwifiex_types_wmm_info
Signed-off-by: default avatarKarthik D A <karthida@marvell.com>
Signed-off-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent c44c0403
...@@ -404,7 +404,7 @@ mwifiex_set_wmm_params(struct mwifiex_private *priv, ...@@ -404,7 +404,7 @@ mwifiex_set_wmm_params(struct mwifiex_private *priv,
struct cfg80211_ap_settings *params) struct cfg80211_ap_settings *params)
{ {
const u8 *vendor_ie; const u8 *vendor_ie;
struct ieee_types_header *wmm_ie; const u8 *wmm_ie;
u8 wmm_oui[] = {0x00, 0x50, 0xf2, 0x02}; u8 wmm_oui[] = {0x00, 0x50, 0xf2, 0x02};
vendor_ie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT, vendor_ie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
...@@ -412,9 +412,9 @@ mwifiex_set_wmm_params(struct mwifiex_private *priv, ...@@ -412,9 +412,9 @@ mwifiex_set_wmm_params(struct mwifiex_private *priv,
params->beacon.tail, params->beacon.tail,
params->beacon.tail_len); params->beacon.tail_len);
if (vendor_ie) { if (vendor_ie) {
wmm_ie = (struct ieee_types_header *)vendor_ie; wmm_ie = vendor_ie;
memcpy(&bss_cfg->wmm_info, wmm_ie + 1, memcpy(&bss_cfg->wmm_info, wmm_ie +
sizeof(bss_cfg->wmm_info)); sizeof(struct ieee_types_header), *(wmm_ie + 1));
priv->wmm_enabled = 1; priv->wmm_enabled = 1;
} else { } else {
memset(&bss_cfg->wmm_info, 0, sizeof(bss_cfg->wmm_info)); memset(&bss_cfg->wmm_info, 0, sizeof(bss_cfg->wmm_info));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment