This function was extremely buggy, calling kmalloc(GFP_KERNEL) while
holding a spin lock and then potentially overflowing the buffer it had
allocated.
Since the generated output wasn't used for anything, simply rip the
whole thing out.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
These are duplicated from the kernel headers and not used anymore.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This removes the double content tracking of data from IE elements. The
relevant code to validate IEs is moved to rtw_mlme_ext.c as this is
the only place where it is used.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use cfg80211 interface to search for HT capabilities.
This was the last user of struct rtw_ieee802_11_elems, which can now
be removed.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reduces the dependency of rtw_ieee802_11_parse_elems23a() which
is only used in this function. Follow-on patches will remove the
remaining dependencies and get rid of the function.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove excessive brackets and some general cleanups.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use cfg80211_find_ie() and cfg80211_find_vendor_ie() rather than own
hacks.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is no point doing a double check of the IE; either we found a
WLAN_EID_SSID or we didn't.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Clean up the code by passing a struct ieee80211_mgmt pointer instead
of a raw frame pointer. In addition, check that we receive a beacon
frame; anything else here is an error.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We always receive a struct ieee80211_mgmt frame here, using just
ieee80211_hdr doesn't make sense.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In addition, make them all static and move the prototypes to
rtw_mlme_ext.c.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This converts it to use struct ieee80211_mgmt and cfg80211_find_ie().
In addition fix a potential buffer overrun in the last loop searching
through list WLAN_EID_VENDOR_SPECIFIC elements.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
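
Added example, not part of these commits or of the driver's code: a bounds-checked walk over 802.11 information elements, the kind of lookup the commits above hand to cfg80211_find_ie() and cfg80211_find_vendor_ie(), including the vendor-specific search where an overrun was fixed. The helper names, the userspace build and both sample buffers are assumptions made for illustration; the kernel's own implementations are not reproduced.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EID_SSID            0   /* value of WLAN_EID_SSID */
#define EID_VENDOR_SPECIFIC 221 /* value of WLAN_EID_VENDOR_SPECIFIC */

/* First element with id `eid` that lies wholly inside ies[0..len), else NULL. */
static const uint8_t *find_ie(uint8_t eid, const uint8_t *ies, size_t len)
{
	while (len >= 2) {                 /* need the id and length octets */
		size_t elen = ies[1];
		if (elen > len - 2)        /* body would run past the buffer */
			return NULL;
		if (ies[0] == eid)
			return ies;
		ies += 2 + elen;
		len -= 2 + elen;
	}
	return NULL;
}

/* Vendor element matching OUI and type; bodies under 4 octets are skipped. */
static const uint8_t *find_vendor_ie(const uint8_t oui[3], uint8_t type,
				     const uint8_t *ies, size_t len)
{
	const uint8_t *end = ies + len, *ie;

	while ((ie = find_ie(EID_VENDOR_SPECIFIC, ies, (size_t)(end - ies)))) {
		if (ie[1] >= 4 && !memcmp(ie + 2, oui, 3) && ie[5] == type)
			return ie;
		ies = ie + 2 + ie[1];      /* safe: find_ie checked the length */
	}
	return NULL;
}

/* Constructed sample: SSID "lab", a 2-octet vendor IE, a WPA-style vendor IE. */
static const uint8_t sample[] = { 0x00, 0x03, 'l', 'a', 'b',
	0xdd, 0x02, 0x00, 0x50,
	0xdd, 0x06, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00 };
/* Constructed malformed input: vendor IE claims 32 octets, only 3 follow. */
static const uint8_t truncated[] = { 0xdd, 0x20, 0x00, 0x50, 0xf2 };
static const uint8_t wpa_oui[3] = { 0x00, 0x50, 0xf2 };

int main(void)
{
	return find_vendor_ie(wpa_oui, 1, sample, sizeof(sample)) == sample + 9 ? 0 : 1;
}
```

The two checks that matter are `elen > len - 2` before advancing and `ie[1] >= 4` before reading the OUI and type octets; dropping either lets a crafted length field steer reads outside the element or the frame.
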
This converts OnAction23a_back23a() to using struct ieee80211_mgmt to
parse the response packet. In addition this revealed a bug which has
been fixed:
	case WLAN_ACTION_ADDBA_RESP: /* ADDBA response */
		status = get_unaligned_le16(&frame_body[3]);
		tid = ((frame_body[5] >> 2) & 0x7);
The above masks the tid to 3 bits, however per ieee80211.h, the tid is
in fact 4 bits wide, as defined by IEEE80211_ADDBA_PARAM_TID_MASK (0x3c).
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use proper kernel ieee80211.h defined headers to parse the response.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use the proper ieee80211.h structs to parse the response instead of
hard coded offsets.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use the proper ieee80211.h structs to parse the response instead of
hard coded offsets.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use cfg80211_find_ie() and tidy up the code.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Switch to using cfg80211_find_ie() and tidy up the code.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Switch to using cfg80211_find_ie() and remove commented out code.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Discussing with Johannes Berg and Larry Finger, we have concluded that
this code really should be handled through wpa_supplicant, and not in
the kernel.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>