wlan: Use offset to get the ie length from bss descriptor

The length of the bss descriptor is calculated using the offset of the IE
field, but when lim tries to get the IE length it doesn't use the
offset, which results in an incorrect IE length.

To fix this, use the offset to get the IE length from the bss descriptor.

Change-Id: I7abbde83aea1e0a1cfcd7bdb1a184158f75f2455
CRs-Fixed: 1082001
diff --git a/CORE/MAC/src/pe/lim/limAssocUtils.c b/CORE/MAC/src/pe/lim/limAssocUtils.c
index 5af2f97..188f2e5 100644
--- a/CORE/MAC/src/pe/lim/limAssocUtils.c
+++ b/CORE/MAC/src/pe/lim/limAssocUtils.c
@@ -4028,7 +4028,7 @@
 
     limExtractApCapabilities( pMac,
                             (tANI_U8 *) bssDescription->ieFields,
-                            limGetIElenFromBssDescription( bssDescription ),
+                            GET_IE_LEN_IN_BSS(bssDescription->length),
                             pBeaconStruct );
 
     if(pMac->lim.gLimProtectionControl != WNI_CFG_FORCE_POLICY_PROTECTION_DISABLE)
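Review bot: Nothing visible on this call path checks that `bssDescription->length` covers the fixed part of the descriptor before `GET_IE_LEN_IN_BSS` subtracts the IE offset from it, so a too-short descriptor would presumably wrap to a very large IE length that `limExtractApCapabilities` then walks. The removed helper at least truncated its result to `tANI_U16` and returned 0 for a NULL descriptor; the macro's definition is not part of this patch, so its result type and whether either property survives should be confirmed. The same applies to every call site converted in this commit, and matters most in limSerDesUtils.c, where the value is used directly as the `vos_mem_copy` length. A single checked accessor that returns 0 when `length + sizeof(length) < OFFSET_OF(tSirBssDescription, ieFields)` would cover all of them.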
diff --git a/CORE/MAC/src/pe/lim/limFT.c b/CORE/MAC/src/pe/lim/limFT.c
index 8058e13..6a51b33 100644
--- a/CORE/MAC/src/pe/lim/limFT.c
+++ b/CORE/MAC/src/pe/lim/limFT.c
@@ -440,7 +440,7 @@
 
     limExtractApCapabilities( pMac,
         (tANI_U8 *) bssDescription->ieFields,
-        limGetIElenFromBssDescription( bssDescription ), pBeaconStruct );
+        GET_IE_LEN_IN_BSS(bssDescription->length), pBeaconStruct);
 
     if (pMac->lim.gLimProtectionControl != WNI_CFG_FORCE_POLICY_PROTECTION_DISABLE)
         limDecideStaProtectionOnAssoc(pMac, pBeaconStruct, pftSessionEntry);
@@ -734,7 +734,7 @@
 
     limExtractApCapabilities( pMac,
                             (tANI_U8 *) pbssDescription->ieFields,
-                            limGetIElenFromBssDescription( pbssDescription ),
+                            GET_IE_LEN_IN_BSS(pbssDescription->length),
                             pBeaconStruct );
 
     pftSessionEntry->rateSet.numRates = pBeaconStruct->supportedRates.numRates;
@@ -856,8 +856,8 @@
 
     regMax = cfgGetRegulatoryMaxTransmitPower( pMac, pftSessionEntry->currentOperChannel ); 
     localPowerConstraint = regMax;
-    limExtractApCapability( pMac, (tANI_U8 *) pbssDescription->ieFields, 
-        limGetIElenFromBssDescription(pbssDescription),
+    limExtractApCapability(pMac, (tANI_U8 *) pbssDescription->ieFields,
+        GET_IE_LEN_IN_BSS(pbssDescription->length),
         &pftSessionEntry->limCurrentBssQosCaps,
         &pftSessionEntry->limCurrentBssPropCap,
         &currentBssUapsd , &localPowerConstraint, psessionEntry);
diff --git a/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c b/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c
index 6a257c8..d08df5b 100644
--- a/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c
+++ b/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c
@@ -877,10 +877,10 @@
     limUpdateAssocStaDatas(pMac, pStaDs, pAssocRsp,psessionEntry);
     // Extract the AP capabilities from the beacon that was received earlier
     // TODO - Watch out for an error response!
-    limExtractApCapabilities( pMac,
-                            (tANI_U8 *) psessionEntry->pLimJoinReq->bssDescription.ieFields,
-                            limGetIElenFromBssDescription( &psessionEntry->pLimJoinReq->bssDescription ),
-                            pBeaconStruct );
+    limExtractApCapabilities(pMac,
+      (tANI_U8 *) psessionEntry->pLimJoinReq->bssDescription.ieFields,
+      GET_IE_LEN_IN_BSS(psessionEntry->pLimJoinReq->bssDescription.length),
+      pBeaconStruct);
 
     if(pMac->lim.gLimProtectionControl != WNI_CFG_FORCE_POLICY_PROTECTION_DISABLE)
         limDecideStaProtectionOnAssoc(pMac, pBeaconStruct, psessionEntry);
diff --git a/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c b/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
index 20b68ad..1393690 100644
--- a/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
+++ b/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
@@ -4820,9 +4820,11 @@
             limUpdateAssocStaDatas(pMac, pStaDs, assocRsp,psessionEntry);
             limUpdateReAssocGlobals(pMac, assocRsp,psessionEntry);
             limExtractApCapabilities( pMac,
-                  (tANI_U8 *) psessionEntry->pLimReAssocReq->bssDescription.ieFields,
-                  limGetIElenFromBssDescription( &psessionEntry->pLimReAssocReq->bssDescription ),
-                    pBeaconStruct );
+              (tANI_U8 *)
+              psessionEntry->pLimReAssocReq->bssDescription.ieFields,
+              GET_IE_LEN_IN_BSS(
+              psessionEntry->pLimReAssocReq->bssDescription.length),
+              pBeaconStruct);
             if(pMac->lim.gLimProtectionControl != WNI_CFG_FORCE_POLICY_PROTECTION_DISABLE)
                 limDecideStaProtectionOnAssoc(pMac, pBeaconStruct, psessionEntry);
                 if(pBeaconStruct->erpPresent) {
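Review bot: The wrapped `GET_IE_LEN_IN_BSS(` call leaves its argument on the next line at the same indent as the sibling arguments, so `psessionEntry->pLimReAssocReq->bssDescription.length),` reads as a separate argument of `limExtractApCapabilities`. Indenting the continuation one level deeper, or taking `&psessionEntry->pLimReAssocReq->bssDescription` into a local pointer before the call, would make the argument list unambiguous. The same layout appears in the @@ -4996 hunk of this file and in the @@ -2352 hunk of limProcessSmeReqMessages.c.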
@@ -4996,10 +4998,12 @@
             assocRsp = (tpSirAssocRsp)psessionEntry->limAssocResponseData;
             limUpdateAssocStaDatas(pMac, pStaDs, assocRsp, psessionEntry);
             limUpdateReAssocGlobals(pMac, assocRsp, psessionEntry);
-            limExtractApCapabilities( pMac,
-                  (tANI_U8 *) psessionEntry->pLimReAssocReq->bssDescription.ieFields,
-                  limGetIElenFromBssDescription( &psessionEntry->pLimReAssocReq->bssDescription ),
-                    pBeaconStruct );
+            limExtractApCapabilities(pMac,
+              (tANI_U8 *)
+              psessionEntry->pLimReAssocReq->bssDescription.ieFields,
+              GET_IE_LEN_IN_BSS(
+              psessionEntry->pLimReAssocReq->bssDescription.length),
+              pBeaconStruct);
             if(pMac->lim.gLimProtectionControl != WNI_CFG_FORCE_POLICY_PROTECTION_DISABLE)
                 limDecideStaProtectionOnAssoc(pMac, pBeaconStruct, psessionEntry);
 
diff --git a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
index 9f7f4b8..72840ab 100644
--- a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
+++ b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
@@ -1863,9 +1863,7 @@
         psessionEntry->bWPSAssociation = pSmeJoinReq->bWPSAssociation;
 
         /* Store vendor specfic IE for CISCO AP */
-        ieLen = (pSmeJoinReq->bssDescription.length +
-                    sizeof( pSmeJoinReq->bssDescription.length ) -
-                    GET_FIELD_OFFSET( tSirBssDescription, ieFields ));
+        ieLen = GET_IE_LEN_IN_BSS(pSmeJoinReq->bssDescription.length);
 
         vendorIE = limGetVendorIEOuiPtr(pMac, SIR_MAC_CISCO_OUI,
                     SIR_MAC_CISCO_OUI_SIZE,
@@ -2070,15 +2068,14 @@
 
         regMax = cfgGetRegulatoryMaxTransmitPower( pMac, psessionEntry->currentOperChannel ); 
         localPowerConstraint = regMax;
-        limExtractApCapability( pMac,
-           (tANI_U8 *) psessionEntry->pLimJoinReq->bssDescription.ieFields,
-           limGetIElenFromBssDescription(&psessionEntry->pLimJoinReq->bssDescription),
-           &psessionEntry->limCurrentBssQosCaps,
-           &psessionEntry->limCurrentBssPropCap,
-           &pMac->lim.gLimCurrentBssUapsd //TBD-RAJESH  make gLimCurrentBssUapsd this session specific
-           , &localPowerConstraint,
-           psessionEntry
-           );
+        limExtractApCapability(pMac,
+          (tANI_U8 *) psessionEntry->pLimJoinReq->bssDescription.ieFields,
+          GET_IE_LEN_IN_BSS(psessionEntry->pLimJoinReq->bssDescription.length),
+          &psessionEntry->limCurrentBssQosCaps,
+          &psessionEntry->limCurrentBssPropCap,
+          &pMac->lim.gLimCurrentBssUapsd,
+          &localPowerConstraint,
+          psessionEntry);
 
 #ifdef FEATURE_WLAN_ESE
             psessionEntry->maxTxPower = limGetMaxTxPower(regMax, localPowerConstraint, pMac->roam.configParam.nTxPowerCap);
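Review bot: The reformatted call drops the `//TBD-RAJESH` remark, although the code still passes `&pMac->lim.gLimCurrentBssUapsd`, a field of the global `pMac->lim` rather than of `psessionEntry`. The remark was the only record that this value is shared across sessions, so it is worth keeping in a cleaner form above the call, e.g. `/* TODO: gLimCurrentBssUapsd is global; make it session specific */`. The @@ -2352 hunk removes the matching remark on the reassoc path, which also writes the current-BSS global while filling the `limReassocBss*` session fields; a comment there should say whether that is intended.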
@@ -2352,16 +2349,15 @@
                 psessionEntry->pLimReAssocReq->bssDescription.capabilityInfo;
     regMax = cfgGetRegulatoryMaxTransmitPower( pMac, psessionEntry->currentOperChannel ); 
     localPowerConstraint = regMax;
-    limExtractApCapability( pMac,
-              (tANI_U8 *) psessionEntry->pLimReAssocReq->bssDescription.ieFields,
-              limGetIElenFromBssDescription(
-                     &psessionEntry->pLimReAssocReq->bssDescription),
-              &psessionEntry->limReassocBssQosCaps,
-              &psessionEntry->limReassocBssPropCap,
-              &pMac->lim.gLimCurrentBssUapsd //TBD-RAJESH make gLimReassocBssUapsd session specific
-              , &localPowerConstraint,
-              psessionEntry
-              );
+    limExtractApCapability(pMac,
+        (tANI_U8 *) psessionEntry->pLimReAssocReq->bssDescription.ieFields,
+        GET_IE_LEN_IN_BSS(
+        psessionEntry->pLimReAssocReq->bssDescription.length),
+        &psessionEntry->limReassocBssQosCaps,
+        &psessionEntry->limReassocBssPropCap,
+        &pMac->lim.gLimCurrentBssUapsd,
+        &localPowerConstraint,
+        psessionEntry);
 
     psessionEntry->maxTxPower = VOS_MIN( regMax, (localPowerConstraint) );
     if (!psessionEntry->maxTxPower)
diff --git a/CORE/MAC/src/pe/lim/limSendSmeRspMessages.c b/CORE/MAC/src/pe/lim/limSendSmeRspMessages.c
index 618c71f..85c577b 100644
--- a/CORE/MAC/src/pe/lim/limSendSmeRspMessages.c
+++ b/CORE/MAC/src/pe/lim/limSendSmeRspMessages.c
@@ -657,9 +657,9 @@
 
 
                 //subtracting size of length indicator itself and size of pointer to ieFields
-                pSirSmeRsp->bssDescription.length = sizeof(tSirBssDescription) -
-                                                sizeof(tANI_U16) - sizeof(tANI_U32) +
-                                                ieLen;
+                pSirSmeRsp->bssDescription.length =
+                         ((uintptr_t)OFFSET_OF(tSirBssDescription, ieFields))
+                         - sizeof(pSirSmeRsp->bssDescription.length) + ieLen;
                 //This is the size of the message, subtracting the size of the pointer to ieFields
                 size += ieLen - sizeof(tANI_U32);
         }
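Review bot: The comment above the new assignment still says the length subtracts "size of pointer to ieFields", which no longer matches the code. The expression is now the offset of `ieFields` minus the length field plus `ieLen`, so the comment should say that, e.g. `/* length = bytes after the length field up to ieFields, plus ieLen bytes of IEs */`. The following `size += ieLen - sizeof(tANI_U32);` still relies on the old assumption that `ieFields` is exactly the last `tANI_U32` of the struct. If that assumption was wrong enough to need this commit, `size` and `bssDescription.length` can now disagree. The initial value of `size` is set outside the hunk, so it is worth confirming that it is derived from the same offset.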
diff --git a/CORE/MAC/src/pe/lim/limSerDesUtils.c b/CORE/MAC/src/pe/lim/limSerDesUtils.c
index e879a07..3fb524b 100644
--- a/CORE/MAC/src/pe/lim/limSerDesUtils.c
+++ b/CORE/MAC/src/pe/lim/limSerDesUtils.c
@@ -404,7 +404,7 @@
     len++;
 
     vos_mem_copy( pBuf, (tANI_U8 *) &(pBssDescription->ieFields),
-                  limGetIElenFromBssDescription(pBssDescription));
+                  GET_IE_LEN_IN_BSS(pBssDescription->length));
 
     return (len + sizeof(tANI_U16));
 } /*** end limCopyBssDescription() ***/
diff --git a/CORE/MAC/src/pe/lim/limTypes.h b/CORE/MAC/src/pe/lim/limTypes.h
index 35137b8..a375494 100644
--- a/CORE/MAC/src/pe/lim/limTypes.h
+++ b/CORE/MAC/src/pe/lim/limTypes.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2013, 2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -1002,40 +1002,6 @@
     return (*(pChanNum + pMac->lim.gLimCurrentScanChannelId));
 } /*** end limGetCurrentScanChannel() ***/
 
-
-
-/**
- * limGetIElenFromBssDescription()
- *
- *FUNCTION:
- * This function is called in various places to get IE length
- * from tSirBssDescription structure
- * number being scanned.
- *
- *PARAMS:
- *
- *LOGIC:
- *
- *ASSUMPTIONS:
- * NA
- *
- *NOTE:
- * NA
- *
- * @param     pBssDescr
- * @return    Total IE length
- */
-
-static inline tANI_U16
-limGetIElenFromBssDescription(tpSirBssDescription pBssDescr)
-{
-    if (!pBssDescr)
-        return 0;
-
-    return ((tANI_U16) (pBssDescr->length + sizeof(tANI_U16) +
-                   sizeof(tANI_U32) - sizeof(tSirBssDescription)));
-} /*** end limGetIElenFromBssDescription() ***/
-
 /**
  * limSendBeaconInd()
  *
diff --git a/CORE/SAP/src/sapApiLinkCntl.c b/CORE/SAP/src/sapApiLinkCntl.c
index 9d4d193..a0234c6 100644
--- a/CORE/SAP/src/sapApiLinkCntl.c
+++ b/CORE/SAP/src/sapApiLinkCntl.c
@@ -865,8 +865,7 @@
 
         if ((pScanResult->BssDescriptor.ieFields != NULL))
         {
-            ieLen = (pScanResult->BssDescriptor.length + sizeof(tANI_U16));
-            ieLen += (sizeof(tANI_U32) - sizeof(tSirBssDescription));
+            ieLen = GET_IE_LEN_IN_BSS(pScanResult->BssDescriptor.length);
             vos_mem_set((tANI_U8 *) pBeaconStruct,
                                sizeof(tSirProbeRespBeacon), 0);
 
diff --git a/CORE/SAP/src/sapChSelect.c b/CORE/SAP/src/sapChSelect.c
index aa4c746..dda7fa1 100644
--- a/CORE/SAP/src/sapChSelect.c
+++ b/CORE/SAP/src/sapChSelect.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2014 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2014, 2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -1372,7 +1372,7 @@
 
         if (pScanResult->BssDescriptor.ieFields != NULL)
         {
-            ieLen = (pScanResult->BssDescriptor.length + sizeof(tANI_U16) + sizeof(tANI_U32) - sizeof(tSirBssDescription));
+            ieLen = GET_IE_LEN_IN_BSS(pScanResult->BssDescriptor.length);
             vos_mem_set((tANI_U8 *) pBeaconStruct, sizeof(tSirProbeRespBeacon), 0);
 
             if ((sirParseBeaconIE(pMac, pBeaconStruct,(tANI_U8 *)( pScanResult->BssDescriptor.ieFields), ieLen)) == eSIR_SUCCESS)
diff --git a/CORE/SME/src/csr/csrApiScan.c b/CORE/SME/src/csr/csrApiScan.c
index f5944bc..1ccbf5e 100644
--- a/CORE/SME/src/csr/csrApiScan.c
+++ b/CORE/SME/src/csr/csrApiScan.c
@@ -3325,8 +3325,8 @@
        (0 == pNewBssDescr->WscIeLen))
     {
         idx = 0;
-        len = pOldBssDescr->length - sizeof(tSirBssDescription) + 
-                sizeof(tANI_U16) + sizeof(tANI_U32) - DOT11F_IE_WSCPROBERES_MIN_LEN - 2;
+        len = GET_IE_LEN_IN_BSS(pOldBssDescr->length)
+              - DOT11F_IE_WSCPROBERES_MIN_LEN - 2;
         pbIe = (tANI_U8 *)pOldBssDescr->ieFields;
         //Save WPS IE if it exists
         pNewBssDescr->WscIeLen = 0;
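Review bot: `len` is computed by subtracting `DOT11F_IE_WSCPROBERES_MIN_LEN + 2` from the IE length without first checking that the IE area is at least that long. With an unsigned macro result the subtraction wraps instead of going negative, and whether the later scan over `pbIe` notices depends on the type of `len`, which is declared outside this hunk. A guard before the assignment would make the bound explicit, e.g. `if (GET_IE_LEN_IN_BSS(pOldBssDescr->length) < DOT11F_IE_WSCPROBERES_MIN_LEN + 2)` skipping the WPS IE search.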
@@ -9058,8 +9058,8 @@
       * that holds the next BSS description
       */
    pBssDescr->length = (tANI_U16)(
-                     sizeof(tSirBssDescription) - sizeof(tANI_U16) -
-                     sizeof(tANI_U32) + uLen);
+        ((uintptr_t)OFFSET_OF(tSirBssDescription, ieFields))
+        - sizeof(pBssDescr->length) + uLen);
    if (pParsedFrame->dsParamsPresent)
    {
       pBssDescr->channelId = pParsedFrame->channelNumber;
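Review bot: The `(tANI_U16)` cast silently truncates when the `ieFields` offset plus `uLen` exceeds 65535, and no bound on `uLen` is visible in this hunk. A truncated `length` would make every later `GET_IE_LEN_IN_BSS(pBssDescr->length)` report an IE size unrelated to the bytes actually stored after the descriptor. If `uLen` is not already limited by the caller, reject or clamp it before the assignment. The assignment in limSendSmeRspMessages.c narrows in the same way with `ieLen`. Separately, `OFFSET_OF` yields a byte offset, so the `(uintptr_t)` cast reads oddly here; `size_t` would state the intent better.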
diff --git a/CORE/SME/src/csr/csrUtil.c b/CORE/SME/src/csr/csrUtil.c
index 3e2732f..52687fe 100644
--- a/CORE/SME/src/csr/csrUtil.c
+++ b/CORE/SME/src/csr/csrUtil.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -2064,7 +2064,7 @@
 {
     eHalStatus status = eHAL_STATUS_FAILURE;
     tpAniSirGlobal pMac = PMAC_STRUCT( hHal );
-    int ieLen = (int)(pBssDesc->length + sizeof( pBssDesc->length ) - GET_FIELD_OFFSET( tSirBssDescription, ieFields ));
+    int ieLen = (int)GET_IE_LEN_IN_BSS(pBssDesc->length);
 
     if(ieLen > 0 && pIEStruct)
     {