qcacld-3.0: Use offset to get the ie length from bss descriptor

qcacld-2.0 to qcacld-3.0 propagation The length of bss descriptor is calculated using offset of IE field but when lim tries to get the ielength it doesnt use the offset which results in incorrect IE length. To fix use offset to get the ie length from bss descriptor Change-Id: I7abbde83aea1e0a1cfcd7bdb1a184158f75f2455 CRs-Fixed: 1082001
2016-10-26 16:01:51 +05:30
parent f311a5a899
commit 34a4d86ce1
3 changed files with 11 additions and 15 deletions
--- a/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c
+++ b/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c
@@ -647,10 +647,10 @@ lim_send_sme_start_bss_rsp(tpAniSirGlobal pMac,
 				     (uint32_t) psessionEntry->
 				     schBeaconOffsetEnd);

-			/* subtracting size of length indicator itself and size of pointer to ieFields */
-			pSirSmeRsp->bssDescription.length =
-				sizeof(tSirBssDescription) - sizeof(uint16_t) -
-				sizeof(uint32_t) + ieLen;
+			pSirSmeRsp->bssDescription.length = (uint16_t)
+				(offsetof(tSirBssDescription, ieFields[0])
+				- sizeof(pSirSmeRsp->bssDescription.length)
+				+ ieLen);
 			/* This is the size of the message, subtracting the size of the pointer to ieFields */
 			size += ieLen - sizeof(uint32_t);
 		}
--- a/core/sap/src/sap_ch_select.c
+++ b/core/sap/src/sap_ch_select.c
@@ -301,9 +301,8 @@ void sap_process_avoid_ie(tHalHandle hal,
 	node = sme_scan_result_get_first(hal, scan_result);

 	while (node) {
-		total_ie_len = (node->BssDescriptor.length +
-			sizeof(uint16_t) + sizeof(uint32_t) -
-			sizeof(tSirBssDescription));
+		total_ie_len =
+			GET_IE_LEN_IN_BSS_DESC(node->BssDescriptor.length);
 		temp_ptr = cfg_get_vendor_ie_ptr_from_oui(mac_ctx,
 				SIR_MAC_QCOM_VENDOR_OUI,
 				SIR_MAC_QCOM_VENDOR_SIZE,
@@ -1216,10 +1215,8 @@ static void sap_compute_spect_weight(tSapChSelSpectInfo *pSpectInfoParams,
 		centerFreq = 0;

 		if (pScanResult->BssDescriptor.ieFields != NULL) {
-			ieLen =
-				(pScanResult->BssDescriptor.length +
-				 sizeof(uint16_t) + sizeof(uint32_t) -
-				 sizeof(tSirBssDescription));
+			ieLen = GET_IE_LEN_IN_BSS(
+					pScanResult->BssDescriptor.length);
 			qdf_mem_set((uint8_t *) pBeaconStruct,
 				    sizeof(tSirProbeRespBeacon), 0);

--- a/core/sme/src/csr/csr_api_scan.c
+++ b/core/sme/src/csr/csr_api_scan.c
@@ -2528,8 +2528,7 @@ static void csr_check_n_save_wsc_ie(tpAniSirGlobal pMac,
 	if ((pNewBssDescr->fProbeRsp != pOldBssDescr->fProbeRsp) &&
 	    (0 == pNewBssDescr->WscIeLen)) {
 		idx = 0;
-		len = pOldBssDescr->length - sizeof(tSirBssDescription) +
-		      sizeof(uint16_t) + sizeof(uint32_t) -
+		len = GET_IE_LEN_IN_BSS(pOldBssDescr->length) -
 		      DOT11F_IE_WSCPROBERES_MIN_LEN - 2;
 		pbIe = (uint8_t *) pOldBssDescr->ieFields;
 		/* Save WPS IE if it exists */
@@ -6981,8 +6980,8 @@ QDF_STATUS csr_scan_save_preferred_network_found(tpAniSirGlobal pMac,
 	 * Length of BSS desription is without length of length itself and
 	 * length of pointer that holds the next BSS description
 	 */
-	pBssDescr->length = (uint16_t) (sizeof(tSirBssDescription) -
-		sizeof(uint16_t) - sizeof(uint32_t) + uLen);
+	pBssDescr->length = (uint16_t)(offsetof(tSirBssDescription, ieFields[0])
+					- sizeof(pBssDescr->length) + uLen);
 	if (parsed_frm->dsParamsPresent)
 		pBssDescr->channelId = parsed_frm->channelNumber;
 	else if (parsed_frm->HTInfo.present)