mac80211: parse Timeout Interval Element using a struct

Instead of open-coding the accesses and length check do
the length check in the IE parser and assign a struct
pointer for use in the remaining code.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index d10b5bba3268700bfe63c7121dbcc32cf1dd5a26..e46fea8b972e9c61f7347731e8240c3aab96761f 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -1955,6 +1955,16 @@ enum ieee80211_timeout_interval_type {
        WLAN_TIMEOUT_ASSOC_COMEBACK = 3 /* 802.11w */,
 };
 
+/**
+ * struct ieee80211_timeout_interval_ie - Timeout Interval element
+ * @type: type, see &enum ieee80211_timeout_interval_type
+ * @value: timeout interval value
+ */
+struct ieee80211_timeout_interval_ie {
+       u8 type;
+       __le32 value;
+} __packed;
+
 /* BACK action code */
 enum ieee80211_back_actioncode {
        WLAN_ACTION_ADDBA_REQ = 0,

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 6ad019d32623d5e9aea6e62979784d44a8072bd9..c783e996bcce578c0d82b2de84d00237435edb43 100644 (file)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1180,7 +1180,7 @@ struct ieee802_11_elems {
        const struct ieee80211_channel_sw_ie *ch_switch_ie;
        const u8 *country_elem;
        const u8 *pwr_constr_elem;
-       const u8 *timeout_int;
+       const struct ieee80211_timeout_interval_ie *timeout_int;
        const u8 *opmode_notif;
 
        /* length of them, respectively */
@@ -1198,7 +1198,6 @@ struct ieee802_11_elems {
        u8 prep_len;
        u8 perr_len;
        u8 country_elem_len;
-       u8 timeout_int_len;
 
        /* whether a parse error occurred while retrieving these elements */
        bool parse_error;

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 157d951df7a42df8b52bed012dd1f8c3e6631c26..304d6cfc6250f05517f0b95f8383edf5691eec8b 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2629,10 +2629,10 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
        ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
 
        if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
-           elems.timeout_int && elems.timeout_int_len == 5 &&
-           elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
+           elems.timeout_int &&
+           elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
                u32 tu, ms;
-               tu = get_unaligned_le32(elems.timeout_int + 1);
+               tu = le32_to_cpu(elems.timeout_int->value);
                ms = tu * 1024 / 1000;
                sdata_info(sdata,
                           "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 4839dec5c9ac47e847170f822773b809384330f8..f9581c6378aeb8317549ccc8d2fbc19bda37e08f 100644 (file)
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -874,8 +874,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
                        elems->pwr_constr_elem = pos;
                        break;
                case WLAN_EID_TIMEOUT_INTERVAL:
-                       elems->timeout_int = pos;
-                       elems->timeout_int_len = elen;
+                       if (elen >= sizeof(struct ieee80211_timeout_interval_ie))
+                               elems->timeout_int = (void *)pos;
+                       else
+                               elem_parse_failed = true;
                        break;
                default:
                        break;