
qcacld-3.0: Fix overwrite in wlan_hdd_cfg80211_set_ie

Fix overwrite when handling RSN element and WAPI AKM suite
list in wlan_hdd_cfg80211_set_ie.

Change-Id: I63528da4c2dfafa22f2c6fc73afe52727af02b64
CRs-Fixed: 2228031
tinlin 7 years ago
parent
commit
8a44b64ba4
1 changed files with 14 additions and 11 deletions
  1. 14 11
      core/hdd/src/wlan_hdd_cfg80211.c

+ 14 - 11
core/hdd/src/wlan_hdd_cfg80211.c

@@ -18746,9 +18746,9 @@ static int wlan_hdd_cfg80211_set_ie(struct hdd_adapter *adapter,
 	uint16_t remLen = ie_len;
 #ifdef FEATURE_WLAN_WAPI
 	uint32_t akmsuite[MAX_NUM_AKM_SUITES];
-	u16 *tmp;
+	uint8_t *tmp;
 	uint16_t akmsuiteCount;
-	int *akmlist;
+	uint32_t *akmlist;
 #endif
 	int status;
 	uint8_t *security_ie;
@@ -18946,16 +18946,16 @@ static int wlan_hdd_cfg80211_set_ie(struct hdd_adapter *adapter,
 			}
 			break;
 		case DOT11F_EID_RSN:
-			hdd_debug("Set RSN IE(len %d)", eLen + 2);
-			if (eLen > (MAX_WPA_RSN_IE_LEN - 2)) {
+			if  (eLen  > DOT11F_IE_RSN_MAX_LEN) {
 				hdd_err("%s: Invalid WPA RSN IE length[%d]",
-					__func__, eLen);
+						__func__, eLen);
 				return -EINVAL;
 			}
 			memset(security_ie, 0, MAX_WPA_RSN_IE_LEN);
 			memcpy(security_ie, genie - 2, (eLen + 2));
 			roam_profile->pRSNReqIE = security_ie;
 			roam_profile->nRSNReqIELength = eLen + 2;     /* ie_len; */
+			hdd_debug("Set RSN IE(len %d)", eLen + 2);
 			break;
 		/*
 		 * Appending Extended Capabilities with Interworking bit set
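Review bot: The bound on `if  (eLen  > DOT11F_IE_RSN_MAX_LEN) {` now uses a different constant than the buffer written a few lines below, where `memset(security_ie, 0, MAX_WPA_RSN_IE_LEN);` and `memcpy(security_ie, genie - 2, (eLen + 2));` rely on eLen + 2 fitting in MAX_WPA_RSN_IE_LEN. Neither definition is visible in the hunk; if DOT11F_IE_RSN_MAX_LEN + 2 can exceed MAX_WPA_RSN_IE_LEN, an IE that passes the new check still overruns security_ie, which is the class of bug the commit title says it fixes. Pin the relationship with a compile-time assertion beside the check, or keep the bound expressed in terms of the destination as before (`if (eLen > MAX_WPA_RSN_IE_LEN - 2)`), and tidy the doubled spaces in the condition while there. The enclosing function begins and ends outside this hunk.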
@@ -18990,15 +18990,18 @@ static int wlan_hdd_cfg80211_set_ie(struct hdd_adapter *adapter,
 #ifdef FEATURE_WLAN_WAPI
 		case WLAN_EID_WAPI:
 			/* Setting WAPI Mode to ON=1 */
-			adapter->wapi_info.wapi_mode = true;
+			adapter->wapi_info.wapi_mode = 1;
 			hdd_debug("WAPI MODE IS %u", adapter->wapi_info.wapi_mode);
-			tmp = (u16 *) ie;
-			tmp = tmp + 2;  /* Skip element Id and Len, Version */
+			tmp = (uint8_t *)ie;
+			tmp = tmp + 4;  /* Skip element Id and Len, Version */
+			/* Get the number of AKM suite */
 			akmsuiteCount = WPA_GET_LE16(tmp);
-			tmp = tmp + 1;
-			akmlist = (int *)(tmp);
+			/* Skip the number of AKM suite */
+			tmp = tmp + 2;
+			/* AKM suite list, each OUI contains 4 bytes */
+			akmlist = (uint32_t *)(tmp);
 			if (akmsuiteCount <= MAX_NUM_AKM_SUITES) {
-				memcpy(akmsuite, akmlist, (4 * akmsuiteCount));
+				memcpy(akmsuite, akmlist, akmsuiteCount);
 			} else {
 				hdd_err("Invalid akmSuite count: %u",
 					akmsuiteCount);
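Review bot: The new `memcpy(akmsuite, akmlist, akmsuiteCount);` copies akmsuiteCount bytes, yet akmsuite is declared `uint32_t akmsuite[MAX_NUM_AKM_SUITES]` and the comment added two lines earlier says each suite is 4 bytes, so only a quarter of the list lands in akmsuite; the intended size is `akmsuiteCount * sizeof(*akmsuite)`, which still fits under the existing `<= MAX_NUM_AKM_SUITES` guard. akmsuiteCount is read from the received IE and is checked only against the destination capacity, not against the element's own length, so a count larger than the element actually carries makes the copy read past the IE; if eLen is the element body length here as it is in the RSN case, a check along the lines of `if (eLen < 4 + 2 + akmsuiteCount * 4) return -EINVAL;` before the copy would close that. The `(uint32_t *)` cast is also unnecessary since memcpy takes a void pointer and tmp is already a byte pointer; passing `tmp` avoids forming a possibly misaligned uint32_t pointer. The enclosing function begins and ends outside this hunk.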