diff options
author | Doug Brown <doug@schmorgal.com> | 2023-01-23 08:31:30 +0300 |
---|---|---|
committer | Kalle Valo <kvalo@kernel.org> | 2023-02-13 18:13:56 +0300 |
commit | 57db1ba357368b4de0ed3ede334a83929febb5d0 (patch) | |
tree | 815e5ba14a99fedbd56fc43de12715833aca64e4 | |
parent | 53d3a735875e35ccaf7a21b643feb167229515f1 (diff) | |
download | linux-57db1ba357368b4de0ed3ede334a83929febb5d0.tar.xz |
wifi: libertas: only add RSN/WPA IE in lbs_add_wpa_tlv
The existing code only converts the first IE to a TLV, but it returns a
value that takes the length of all IEs into account. When there is more
than one IE (which happens with modern wpa_supplicant versions for
example), the returned length is too long and extra junk TLVs get sent
to the firmware, resulting in an association failure.
Fix this by finding the first RSN or WPA IE and only adding that. This
has the extra benefit of working properly if the RSN/WPA IE isn't the
first one in the IE buffer.
While we're at it, clean up the code to use the available structs like
the other lbs_add_* functions instead of directly manipulating the TLV
buffer.
Signed-off-by: Doug Brown <doug@schmorgal.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230123053132.30710-3-doug@schmorgal.com
-rw-r--r-- | drivers/net/wireless/marvell/libertas/cfg.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c index 3e065cbb0af9..3f35dc7a1d7d 100644 --- a/drivers/net/wireless/marvell/libertas/cfg.c +++ b/drivers/net/wireless/marvell/libertas/cfg.c @@ -416,10 +416,20 @@ static int lbs_add_cf_param_tlv(u8 *tlv) static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len) { - size_t tlv_len; + struct mrvl_ie_data *wpatlv = (struct mrvl_ie_data *)tlv; + const struct element *wpaie; + + /* Find the first RSN or WPA IE to use */ + wpaie = cfg80211_find_elem(WLAN_EID_RSN, ie, ie_len); + if (!wpaie) + wpaie = cfg80211_find_vendor_elem(WLAN_OUI_MICROSOFT, + WLAN_OUI_TYPE_MICROSOFT_WPA, + ie, ie_len); + if (!wpaie || wpaie->datalen > 128) + return 0; /* - * We need just convert an IE to an TLV. IEs use u8 for the header, + * Convert the found IE to a TLV. IEs use u8 for the header, * u8 type * u8 len * u8[] data @@ -428,14 +438,12 @@ static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len) * __le16 len * u8[] data */ - *tlv++ = *ie++; - *tlv++ = 0; - tlv_len = *tlv++ = *ie++; - *tlv++ = 0; - while (tlv_len--) - *tlv++ = *ie++; - /* the TLV is two bytes larger than the IE */ - return ie_len + 2; + wpatlv->header.type = cpu_to_le16(wpaie->id); + wpatlv->header.len = cpu_to_le16(wpaie->datalen); + memcpy(wpatlv->data, wpaie->data, wpaie->datalen); + + /* Return the total number of bytes added to the TLV buffer */ + return sizeof(struct mrvl_ie_header) + wpaie->datalen; } /* |