staging: wilc1000: Avoid overriding rates_no while parsing ies element.

Commit d4b4aaba51 ("staging: wilc1000: fix line over 80 characters in
host_int_parse_join_bss_param()") introduced a bug by not keeping the
rates_no value while parsing ies elements.
It also increments auth_total_cnt as a pointer instead of its reference.

This commit fixes the bug by passing reference to rates_no to
host_int_parse_join_bss_param() and by incrementing reference of
auth_total_cnt

Fixes: d4b4aaba51 (staging: wilc1000: fix line over 80 characters in host_int_parse_join_bss_param())
Signed-off-by: Adham Abozaeid <adham.abozaeid@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Adham Abozaeid 2018-05-23 17:02:14 -07:00 committed by Greg Kroah-Hartman
parent 173ffd0993
commit 979eb0c96b
1 changed files with 13 additions and 11 deletions

View File

@ -3813,9 +3813,9 @@ int wilc_setup_multicast_filter(struct wilc_vif *vif, bool enabled,
static void host_int_fill_join_bss_param(struct join_bss_param *param, u8 *ies,
u16 *out_index, u8 *pcipher_tc,
u8 *auth_total_cnt, u32 tsf_lo)
u8 *auth_total_cnt, u32 tsf_lo,
u8 *rates_no)
{
u8 rates_no = 0;
u8 ext_rates_no;
u16 offset;
u8 pcipher_cnt;
@ -3824,23 +3824,23 @@ static void host_int_fill_join_bss_param(struct join_bss_param *param, u8 *ies,
u16 index = *out_index;
if (ies[index] == SUPP_RATES_IE) {
rates_no = ies[index + 1];
param->supp_rates[0] = rates_no;
*rates_no = ies[index + 1];
param->supp_rates[0] = *rates_no;
index += 2;
for (i = 0; i < rates_no; i++)
for (i = 0; i < *rates_no; i++)
param->supp_rates[i + 1] = ies[index + i];
index += rates_no;
index += *rates_no;
} else if (ies[index] == EXT_SUPP_RATES_IE) {
ext_rates_no = ies[index + 1];
if (ext_rates_no > (MAX_RATES_SUPPORTED - rates_no))
if (ext_rates_no > (MAX_RATES_SUPPORTED - *rates_no))
param->supp_rates[0] = MAX_RATES_SUPPORTED;
else
param->supp_rates[0] += ext_rates_no;
index += 2;
for (i = 0; i < (param->supp_rates[0] - rates_no); i++)
param->supp_rates[rates_no + i + 1] = ies[index + i];
for (i = 0; i < (param->supp_rates[0] - *rates_no); i++)
param->supp_rates[*rates_no + i + 1] = ies[index + i];
index += ext_rates_no;
} else if (ies[index] == HT_CAPABILITY_IE) {
@ -3929,7 +3929,7 @@ static void host_int_fill_join_bss_param(struct join_bss_param *param, u8 *ies,
*policy = ies[rsn_idx + ((j + 1) * 4) - 1];
}
auth_total_cnt += auth_cnt;
*auth_total_cnt += auth_cnt;
rsn_idx += offset;
if (ies[index] == RSN_IE) {
@ -3950,6 +3950,7 @@ static void *host_int_parse_join_bss_param(struct network_info *info)
{
struct join_bss_param *param = NULL;
u16 index = 0;
u8 rates_no = 0;
u8 pcipher_total_cnt = 0;
u8 auth_total_cnt = 0;
@ -3969,7 +3970,8 @@ static void *host_int_parse_join_bss_param(struct network_info *info)
while (index < info->ies_len)
host_int_fill_join_bss_param(param, info->ies, &index,
&pcipher_total_cnt,
&auth_total_cnt, info->tsf_lo);
&auth_total_cnt, info->tsf_lo,
&rates_no);
return (void *)param;
}