diff options
| author | Adham Abozaeid <adham.abozaeid@microchip.com> | 2018-05-24 03:02:14 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-05-25 19:45:47 +0300 |
| commit | 979eb0c96be97ddefc46cf8659741cf3ffc54fd2 (patch) | |
| tree | 987ff6e5127e0bd32d6793f84f38895201465420 /drivers/staging | |
| parent | 173ffd0993fd3e6ec7e0e24424350a807605e6d0 (diff) | |
| download | linux-979eb0c96be97ddefc46cf8659741cf3ffc54fd2.tar.xz | |
staging: wilc1000: Avoid overriding rates_no while parsing ies element.
Commit d4b4aaba515a ("staging: wilc1000: fix line over 80 characters in
host_int_parse_join_bss_param()") introduced a bug by not keeping the
rates_no value while parsing ies elements.
It also increments auth_total_cnt as a pointer instead of its reference.
This commit fixes the bug by passing reference to rates_no to
host_int_parse_join_bss_param() and by incrementing reference of
auth_total_cnt
Fixes: d4b4aaba515a (staging: wilc1000: fix line over 80 characters in host_int_parse_join_bss_param())
Signed-off-by: Adham Abozaeid <adham.abozaeid@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging')
| -rw-r--r-- | drivers/staging/wilc1000/host_interface.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 7b613cd72d22..0aaae33f97b9 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -3813,9 +3813,9 @@ int wilc_setup_multicast_filter(struct wilc_vif *vif, bool enabled, static void host_int_fill_join_bss_param(struct join_bss_param *param, u8 *ies, u16 *out_index, u8 *pcipher_tc, - u8 *auth_total_cnt, u32 tsf_lo) + u8 *auth_total_cnt, u32 tsf_lo, + u8 *rates_no) { - u8 rates_no = 0; u8 ext_rates_no; u16 offset; u8 pcipher_cnt; @@ -3824,23 +3824,23 @@ static void host_int_fill_join_bss_param(struct join_bss_param *param, u8 *ies, u16 index = *out_index; if (ies[index] == SUPP_RATES_IE) { - rates_no = ies[index + 1]; - param->supp_rates[0] = rates_no; + *rates_no = ies[index + 1]; + param->supp_rates[0] = *rates_no; index += 2; - for (i = 0; i < rates_no; i++) + for (i = 0; i < *rates_no; i++) param->supp_rates[i + 1] = ies[index + i]; - index += rates_no; + index += *rates_no; } else if (ies[index] == EXT_SUPP_RATES_IE) { ext_rates_no = ies[index + 1]; - if (ext_rates_no > (MAX_RATES_SUPPORTED - rates_no)) + if (ext_rates_no > (MAX_RATES_SUPPORTED - *rates_no)) param->supp_rates[0] = MAX_RATES_SUPPORTED; else param->supp_rates[0] += ext_rates_no; index += 2; - for (i = 0; i < (param->supp_rates[0] - rates_no); i++) - param->supp_rates[rates_no + i + 1] = ies[index + i]; + for (i = 0; i < (param->supp_rates[0] - *rates_no); i++) + param->supp_rates[*rates_no + i + 1] = ies[index + i]; index += ext_rates_no; } else if (ies[index] == HT_CAPABILITY_IE) { @@ -3929,7 +3929,7 @@ static void host_int_fill_join_bss_param(struct join_bss_param *param, u8 *ies, *policy = ies[rsn_idx + ((j + 1) * 4) - 1]; } - auth_total_cnt += auth_cnt; + *auth_total_cnt += auth_cnt; rsn_idx += offset; if (ies[index] == RSN_IE) { @@ -3950,6 +3950,7 @@ static void *host_int_parse_join_bss_param(struct network_info *info) { struct join_bss_param *param = NULL; u16 index = 0; + u8 rates_no = 0; u8 pcipher_total_cnt = 0; u8 auth_total_cnt = 0; @@ -3969,7 +3970,8 @@ static void *host_int_parse_join_bss_param(struct network_info *info) while (index < info->ies_len) host_int_fill_join_bss_param(param, info->ies, &index, &pcipher_total_cnt, - &auth_total_cnt, info->tsf_lo); + &auth_total_cnt, info->tsf_lo, + &rates_no); return (void *)param; } |