
qcacld-3.0: Don't consider beacon length for non-beaconing entities

As part of the start_bss response, beacon structures are extracted
from pe_session and stored in bss_description. But non-beaconing
entities like NDI don't have a beacon, and the corresponding
structures in pe_session are not valid. The beacon offsets
schBeaconOffsetBegin and schBeaconOffsetEnd contain 0 in such
cases. Calculating the beacon IE length from these results in an
invalid length and leads to invalid IE extraction from
bss_description later (in csr_roam_process_start_bss_success).
Check whether pe_session has a valid beacon entry to avoid this.

Change-Id: Ic78dfcdbfb83cb29437d46337d13d62df533d780
CRs-Fixed: 2876897
Srinivas Dasari 4 年之前
父节点
当前提交
6b35a26d48
共有 2 个文件被更改,包括 14 次插入6 次删除
  1. 8 3
      core/mac/src/pe/lim/lim_send_sme_rsp_messages.c
  2. 6 3
      core/mac/src/sys/legacy/src/utils/src/parser_api.c

+ 8 - 3
core/mac/src/pe/lim/lim_send_sme_rsp_messages.c

@@ -891,7 +891,7 @@ void lim_send_sme_start_bss_rsp(struct mac_context *mac,
 	uint16_t size = 0;
 	struct scheduler_msg mmhMsg = {0};
 	struct start_bss_rsp *pSirSmeRsp;
-	uint16_t ieLen;
+	uint16_t beacon_length, ieLen;
 	uint16_t ieOffset, curLen;
 
 	pe_debug("Sending message: %s with reasonCode: %s",
@@ -906,8 +906,13 @@ void lim_send_sme_start_bss_rsp(struct mac_context *mac,
 	} else {
 		/* subtract size of beaconLength + Mac Hdr + Fixed Fields before SSID */
 		ieOffset = sizeof(tAniBeaconStruct) + SIR_MAC_B_PR_SSID_OFFSET;
-		ieLen = pe_session->schBeaconOffsetBegin
-			+ pe_session->schBeaconOffsetEnd - ieOffset;
+		beacon_length = pe_session->schBeaconOffsetBegin +
+						pe_session->schBeaconOffsetEnd;
+		ieLen = beacon_length - ieOffset;
+
+		/* Invalidate for non-beaconing entities */
+		if (beacon_length <= ieOffset)
+			ieLen = ieOffset = 0;
 		/* calculate the memory size to allocate */
 		size += ieLen;
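Review bot: On `ieLen = beacon_length - ieOffset;` the subtraction is still evaluated before the new `beacon_length <= ieOffset` check two lines below, so for a non-beaconing session it first wraps to a large uint16_t value and is only then overwritten; computing it under the check reads more safely: `ieLen = (beacon_length > ieOffset) ? beacon_length - ieOffset : 0;` with `ieOffset` zeroed in the same branch. `beacon_length` is itself a uint16_t sum of the two offsets, so if those session fields are 16-bit the sum can wrap before the comparison — the field types are not visible here and are worth confirming. The check only proves the beacon is longer than the fixed header, not that `ieLen` bytes actually exist in the session's stored beacon buffer; that presumably relies on the two offsets being consistent with the frame that was stored. lim_send_sme_start_bss_rsp begins before and continues past this hunk.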
 

+ 6 - 3
core/mac/src/sys/legacy/src/utils/src/parser_api.c

@@ -6790,9 +6790,12 @@ wlan_fill_bss_desc_from_scan_entry(struct mac_context *mac_ctx,
 uint16_t
 wlan_get_ielen_from_bss_description(struct bss_description *bss_desc)
 {
-	uint16_t ielen;
+	uint16_t ielen, ieFields_offset;
 
-	if (!bss_desc)
+	ieFields_offset = GET_FIELD_OFFSET(struct bss_description, ieFields);
+
+	if ((!bss_desc || !bss_desc->length) ||
+	    (bss_desc->length - sizeof(bss_desc->length) <= ieFields_offset))
 		return 0;
 
 	/*
@@ -6809,7 +6812,7 @@ wlan_get_ielen_from_bss_description(struct bss_description *bss_desc)
 	 */
 
 	ielen = (uint16_t)(bss_desc->length + sizeof(bss_desc->length) -
-			   GET_FIELD_OFFSET(struct bss_description, ieFields));
+			   ieFields_offset);
 
 	return ielen;
 }
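Review bot: The new guard in wlan_get_ielen_from_bss_description subtracts `sizeof(bss_desc->length)` while the return expression below adds it (`bss_desc->length + sizeof(bss_desc->length) - ieFields_offset`), so the two disagree on where the IE bytes start. If `length` is a 16-bit field, a value of 1 makes `bss_desc->length - sizeof(bss_desc->length)` wrap in size_t, slips past the guard, and the uint16_t result then wraps as well; conversely lengths up to `ieFields_offset + 2` that would yield a small but non-negative ielen are rejected. Mirroring the arithmetic of the return expression in the guard keeps them consistent: `if (!bss_desc || bss_desc->length + sizeof(bss_desc->length) <= ieFields_offset) return 0;`. This assumes the comment between the two hunks is right that `length` excludes the length field itself; if it includes it, the return expression is the one to fix instead.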