
qcacld-3.0: Use offset to get the ie length from bss descriptor

qcacld-2.0 to qcacld-3.0 propagation

The length of the bss descriptor is calculated using the offset of the
IE field, but when lim tries to get the IE length it doesn't use the
offset, which results in an incorrect IE length.

To fix use offset to get the ie length from bss descriptor

Change-Id: I7abbde83aea1e0a1cfcd7bdb1a184158f75f2455
CRs-Fixed: 1082001
Abhishek Singh 8 年之前
父節點
當前提交
34a4d86ce1
共有 3 個文件被更改,包括 11 次插入15 次删除
  1. 4 4
      core/mac/src/pe/lim/lim_send_sme_rsp_messages.c
  2. 4 7
      core/sap/src/sap_ch_select.c
  3. 3 4
      core/sme/src/csr/csr_api_scan.c

+ 4 - 4
core/mac/src/pe/lim/lim_send_sme_rsp_messages.c

@@ -647,10 +647,10 @@ lim_send_sme_start_bss_rsp(tpAniSirGlobal pMac,
 				     (uint32_t) psessionEntry->
 				     schBeaconOffsetEnd);
 
-			/* subtracting size of length indicator itself and size of pointer to ieFields */
-			pSirSmeRsp->bssDescription.length =
-				sizeof(tSirBssDescription) - sizeof(uint16_t) -
-				sizeof(uint32_t) + ieLen;
+			pSirSmeRsp->bssDescription.length = (uint16_t)
+				(offsetof(tSirBssDescription, ieFields[0])
+				- sizeof(pSirSmeRsp->bssDescription.length)
+				+ ieLen);
 			/* This is the size of the message, subtracting the size of the pointer to ieFields */
 			size += ieLen - sizeof(uint32_t);
 		}
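Review bot: The `(uint16_t)` cast on the new `pSirSmeRsp->bssDescription.length` assignment silently truncates if `offsetof(tSirBssDescription, ieFields[0]) + ieLen` exceeds 65535, and the `csr_scan_save_preferred_network_found` hunk in csr_api_scan.c has the same pattern with `uLen`. A truncated `length` would later be turned back into a too-small or inconsistent IE length by the readers this commit also touches, so the value should be bounded before the store, e.g. `if (ieLen > UINT16_MAX - offsetof(tSirBssDescription, ieFields[0])) { /* reject */ }`. The unchanged line `size += ieLen - sizeof(uint32_t);` and its comment still use the old "size of the pointer to ieFields" basis, so the message size and the descriptor length are now derived two different ways; if the struct has padding these can disagree, and it would be worth deriving `size` from the same `offsetof` expression. Where `ieLen` is computed and the rest of `lim_send_sme_start_bss_rsp` are outside the hunk.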

+ 4 - 7
core/sap/src/sap_ch_select.c

@@ -301,9 +301,8 @@ void sap_process_avoid_ie(tHalHandle hal,
 	node = sme_scan_result_get_first(hal, scan_result);
 
 	while (node) {
-		total_ie_len = (node->BssDescriptor.length +
-			sizeof(uint16_t) + sizeof(uint32_t) -
-			sizeof(tSirBssDescription));
+		total_ie_len =
+			GET_IE_LEN_IN_BSS_DESC(node->BssDescriptor.length);
 		temp_ptr = cfg_get_vendor_ie_ptr_from_oui(mac_ctx,
 				SIR_MAC_QCOM_VENDOR_OUI,
 				SIR_MAC_QCOM_VENDOR_SIZE,
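Review bot: The macro name here, `GET_IE_LEN_IN_BSS_DESC`, differs from the `GET_IE_LEN_IN_BSS` used in the `sap_compute_spect_weight` hunk of this same file and in csr_api_scan.c, and neither definition is part of this commit; confirm both names exist and expand to the same offsetof-based expression, or use one name throughout. Separately, the macro's definition is not shown, but if it subtracts the IE offset from `length` without a lower bound, a scan result whose `BssDescriptor.length` is smaller than that offset would produce a wrapped `total_ie_len`, which presumably bounds the vendor-IE search that follows (the call's remaining arguments are outside the hunk). A guard before the lookup that skips the node when `length` is below the fixed descriptor size would keep the search inside the descriptor; the same applies to `ieLen` in `sap_compute_spect_weight`.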
@@ -1216,10 +1215,8 @@ static void sap_compute_spect_weight(tSapChSelSpectInfo *pSpectInfoParams,
 		centerFreq = 0;
 
 		if (pScanResult->BssDescriptor.ieFields != NULL) {
-			ieLen =
-				(pScanResult->BssDescriptor.length +
-				 sizeof(uint16_t) + sizeof(uint32_t) -
-				 sizeof(tSirBssDescription));
+			ieLen = GET_IE_LEN_IN_BSS(
+					pScanResult->BssDescriptor.length);
 			qdf_mem_set((uint8_t *) pBeaconStruct,
 				    sizeof(tSirProbeRespBeacon), 0);
 

+ 3 - 4
core/sme/src/csr/csr_api_scan.c

@@ -2528,8 +2528,7 @@ static void csr_check_n_save_wsc_ie(tpAniSirGlobal pMac,
 	if ((pNewBssDescr->fProbeRsp != pOldBssDescr->fProbeRsp) &&
 	    (0 == pNewBssDescr->WscIeLen)) {
 		idx = 0;
-		len = pOldBssDescr->length - sizeof(tSirBssDescription) +
-		      sizeof(uint16_t) + sizeof(uint32_t) -
+		len = GET_IE_LEN_IN_BSS(pOldBssDescr->length) -
 		      DOT11F_IE_WSCPROBERES_MIN_LEN - 2;
 		pbIe = (uint8_t *) pOldBssDescr->ieFields;
 		/* Save WPS IE if it exists */
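Review bot: The expression `GET_IE_LEN_IN_BSS(pOldBssDescr->length) - DOT11F_IE_WSCPROBERES_MIN_LEN - 2` has no lower-bound check, so an old descriptor carrying fewer IE bytes than `DOT11F_IE_WSCPROBERES_MIN_LEN + 2` gives a negative or wrapped `len`, depending on its type, which is declared outside the hunk. Since `len` appears to bound the walk over `pbIe` that follows (the loop is outside the hunk), a wrapped value would let that walk run past the stored IE data. Comparing first, e.g. `if (GET_IE_LEN_IN_BSS(pOldBssDescr->length) < DOT11F_IE_WSCPROBERES_MIN_LEN + 2)` and skipping the WPS IE search in that case, closes this off. A short comment saying what the trailing `- 2` accounts for would also help the next reader.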
@@ -6981,8 +6980,8 @@ QDF_STATUS csr_scan_save_preferred_network_found(tpAniSirGlobal pMac,
 	 * Length of BSS desription is without length of length itself and
 	 * length of pointer that holds the next BSS description
 	 */
-	pBssDescr->length = (uint16_t) (sizeof(tSirBssDescription) -
-		sizeof(uint16_t) - sizeof(uint32_t) + uLen);
+	pBssDescr->length = (uint16_t)(offsetof(tSirBssDescription, ieFields[0])
+					- sizeof(pBssDescr->length) + uLen);
 	if (parsed_frm->dsParamsPresent)
 		pBssDescr->channelId = parsed_frm->channelNumber;
 	else if (parsed_frm->HTInfo.present)