diff options
Diffstat (limited to 'core/mac/src/pe/lim')
| -rw-r--r-- | core/mac/src/pe/lim/lim_assoc_utils.c | 8 | ||||
| -rw-r--r-- | core/mac/src/pe/lim/lim_process_assoc_req_frame.c | 22 |
2 files changed, 16 insertions, 14 deletions
diff --git a/core/mac/src/pe/lim/lim_assoc_utils.c b/core/mac/src/pe/lim/lim_assoc_utils.c index e7ca136f20..a01d870436 100644 --- a/core/mac/src/pe/lim/lim_assoc_utils.c +++ b/core/mac/src/pe/lim/lim_assoc_utils.c @@ -349,8 +349,8 @@ static inline bool is_non_rsn_cipher(uint8_t cipher_suite) * frame handling to determine whether received RSN in * Assoc/Reassoc request frames include supported cipher suites or not. * - * Return: eSIR_SUCCESS if ALL BSS basic rates are present in the - * received rateset else failure status. + * Return: eSIR_SUCCESS if ALL supported cipher suites are present in the + * received rsn IE else failure status. */ uint8_t @@ -461,8 +461,8 @@ lim_check_rx_rsn_ie_match(tpAniSirGlobal mac_ctx, tDot11fIERSN rx_rsn_ie, * frame handling to determine whether received RSN in * Assoc/Reassoc request frames include supported cipher suites or not. * - * Return: Success if ALL BSS basic rates are present in the - * received rateset else failure status. + * Return: Success if ALL supported cipher suites are present in the + * received wpa IE else failure status. */ uint8_t diff --git a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c index 3e33457688..9f8a5d7803 100644 --- a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c +++ b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c @@ -737,7 +737,7 @@ static void lim_print_ht_cap(tpAniSirGlobal mac_ctx, tpPESession session, * * wpa ie related checks * - * Return: true of no error, false otherwise + * Return: true if no error, false otherwise */ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, tpSirMacMgmtHdr hdr, @@ -746,6 +746,7 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, uint8_t sub_type, bool *pmf_connection) { uint8_t *wps_ie = NULL; + uint32_t ret; tDot11fIEWPA dot11f_ie_wpa = {0}; tDot11fIERSN dot11f_ie_rsn = {0}; tSirRetStatus status = eSIR_SUCCESS; @@ -776,11 +777,11 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, if (assoc_req->rsnPresent) { if (assoc_req->rsn.length) { /* Unpack the RSN IE */ - if (dot11f_unpack_ie_rsn(mac_ctx, + ret = dot11f_unpack_ie_rsn(mac_ctx, &assoc_req->rsn.info[0], assoc_req->rsn.length, - &dot11f_ie_rsn, false) != - DOT11F_PARSE_SUCCESS) { + &dot11f_ie_rsn, false); + if (!DOT11F_SUCCEEDED(ret)) { pe_err("Invalid RSN ie"); return false; } @@ -852,11 +853,11 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, /* Unpack the WPA IE */ if (assoc_req->wpa.length) { /* OUI is not taken care */ - if (dot11f_unpack_ie_wpa(mac_ctx, - &assoc_req->wpa.info[4], - assoc_req->wpa.length, - &dot11f_ie_wpa, false) != - DOT11F_PARSE_SUCCESS) { + ret = dot11f_unpack_ie_wpa(mac_ctx, + &assoc_req->wpa.info[4], + (assoc_req->wpa.length - 4), + &dot11f_ie_wpa, false); + if (!DOT11F_SUCCEEDED(ret)) { pe_err("Invalid WPA IE"); return false; } @@ -1846,7 +1847,8 @@ void lim_process_assoc_req_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info, LIM_ACCESS_POLICY_RESPOND_IF_IE_IS_PRESENT)) { if (!cfg_get_vendor_ie_ptr_from_oui(mac_ctx, &session->access_policy_vendor_ie[2], - 3, frm_body + LIM_ASSOC_REQ_IE_OFFSET, frame_len)) { + 3, frm_body + LIM_ASSOC_REQ_IE_OFFSET, + frame_len - LIM_ASSOC_REQ_IE_OFFSET)) { pe_err("Vendor ie not present and access policy is %x, Rejected association", session->access_policy); lim_send_assoc_rsp_mgmt_frame(mac_ctx, |