mac80211: disable HT/VHT if AP has no HT/VHT capability

Having HT/VHT operation IEs but not capability IEs
leads to a strange situation where we configure the
channel to an HT or VHT bandwidth and then can't
actually use it. Prevent this by checking that the
HT and VHT capability IEs are present as well as
the operation IEs; if not, disable HT and/or VHT.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index f2c6f7794f3503841798c2e78722cc3ef6ab9409..03f278880dba6675890d77c5490c600c69c2ab9c 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3589,16 +3589,22 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
 
        if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
            sband->ht_cap.ht_supported) {
-               const u8 *ht_oper_ie;
+               const u8 *ht_oper_ie, *ht_cap;
 
                ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
                if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
                        ht_oper = (void *)(ht_oper_ie + 2);
+
+               ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
+               if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) {
+                       ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
+                       ht_oper = NULL;
+               }
        }
 
        if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
            sband->vht_cap.vht_supported) {
-               const u8 *vht_oper_ie;
+               const u8 *vht_oper_ie, *vht_cap;
 
                vht_oper_ie = ieee80211_bss_get_ie(cbss,
                                                   WLAN_EID_VHT_OPERATION);
@@ -3611,6 +3617,12 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
                        ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
                        ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
                }
+
+               vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
+               if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
+                       ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
+                       vht_oper = NULL;
+               }
        }
 
        ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,