From 1c3efa63d93882899fa3ee996ec71a008289871b Mon Sep 17 00:00:00 2001 From: John Crispin Date: Mon, 1 Jul 2019 15:27:08 +0200 Subject: [PATCH 1/2] HE: fix ieee80211_he_capabilities size Set the max value of optional bytes inside the data structure. This requires us to calculate the actually used size when copying the HE capabilities and generating the IE. Signed-off-by: John Crispin --- src/ap/ieee802_11_he.c | 35 +++++++++++++++++++++++++++++++---- src/common/ieee802_11_defs.h | 2 +- 2 files changed, 32 insertions(+), 5 deletions(-) --- a/src/ap/ieee802_11_he.c +++ b/src/ap/ieee802_11_he.c @@ -79,7 +79,6 @@ static int ieee80211_invalid_he_cap_size return len != cap_len; } - u8 * hostapd_eid_he_capab(struct hostapd_data *hapd, u8 *eid, enum ieee80211_op_mode opmode) { @@ -420,8 +419,7 @@ u16 copy_sta_he_capab(struct hostapd_dat { if (!he_capab || !hapd->iconf->ieee80211ax || !check_valid_he_mcs(hapd, he_capab, opmode) || - ieee80211_invalid_he_cap_size(he_capab, he_capab_len) || - he_capab_len > sizeof(struct ieee80211_he_capabilities)) { + ieee80211_invalid_he_cap_size(he_capab, he_capab_len)) { sta->flags &= ~WLAN_STA_HE; os_free(sta->he_capab); sta->he_capab = NULL; @@ -430,13 +428,12 @@ u16 copy_sta_he_capab(struct hostapd_dat if (!sta->he_capab) { sta->he_capab = - os_zalloc(sizeof(struct ieee80211_he_capabilities)); + os_zalloc(he_capab_len); if (!sta->he_capab) return WLAN_STATUS_UNSPECIFIED_FAILURE; } sta->flags |= WLAN_STA_HE; - os_memset(sta->he_capab, 0, sizeof(struct ieee80211_he_capabilities)); os_memcpy(sta->he_capab, he_capab, he_capab_len); sta->he_capab_len = he_capab_len;