Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 79ba1d8910f517c3bd39d794ddb1a5b4c03795c4^! / .
commit79ba1d8910f517c3bd39d794ddb1a5b4c03795c4[log] [tgz]
authorJohannes Berg <johannes.berg@intel.com>Wed Mar 27 14:38:07 2013 +0100
committerJohannes Berg <johannes.berg@intel.com>Mon Apr 08 09:16:58 2013 +0200
treefaff88285c710cacce1c04beda8074b57b17801a
parent1946bed95707ef75d85e94ebe106ce7a119ca831 [diff]
mac80211: parse Timeout Interval Element using a struct

Instead of open-coding the accesses and length check do
the length check in the IE parser and assign a struct
pointer for use in the remaining code.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index d10b5bb..e46fea8 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h

@@ -1955,6 +1955,16 @@
 	WLAN_TIMEOUT_ASSOC_COMEBACK = 3 /* 802.11w */,
 };
 
+/**
+ * struct ieee80211_timeout_interval_ie - Timeout Interval element
+ * @type: type, see &enum ieee80211_timeout_interval_type
+ * @value: timeout interval value
+ */
+struct ieee80211_timeout_interval_ie {
+	u8 type;
+	__le32 value;
+} __packed;
+
 /* BACK action code */
 enum ieee80211_back_actioncode {
 	WLAN_ACTION_ADDBA_REQ = 0,

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 6ad019d..c783e99 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h

@@ -1180,7 +1180,7 @@
 	const struct ieee80211_channel_sw_ie *ch_switch_ie;
 	const u8 *country_elem;
 	const u8 *pwr_constr_elem;
-	const u8 *timeout_int;
+	const struct ieee80211_timeout_interval_ie *timeout_int;
 	const u8 *opmode_notif;
 
 	/* length of them, respectively */
@@ -1198,7 +1198,6 @@
 	u8 prep_len;
 	u8 perr_len;
 	u8 country_elem_len;
-	u8 timeout_int_len;
 
 	/* whether a parse error occurred while retrieving these elements */
 	bool parse_error;

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 157d951..304d6cf 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c

@@ -2629,10 +2629,10 @@
 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
 
 	if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
-	    elems.timeout_int && elems.timeout_int_len == 5 &&
-	    elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
+	    elems.timeout_int &&
+	    elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
 		u32 tu, ms;
-		tu = get_unaligned_le32(elems.timeout_int + 1);
+		tu = le32_to_cpu(elems.timeout_int->value);
 		ms = tu * 1024 / 1000;
 		sdata_info(sdata,
 			   "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 4839dec..f9581c6 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c

@@ -874,8 +874,10 @@
 			elems->pwr_constr_elem = pos;
 			break;
 		case WLAN_EID_TIMEOUT_INTERVAL:
-			elems->timeout_int = pos;
-			elems->timeout_int_len = elen;
+			if (elen >= sizeof(struct ieee80211_timeout_interval_ie))
+				elems->timeout_int = (void *)pos;
+			else
+				elem_parse_failed = true;
 			break;
 		default:
 			break;