| author | Mahesh Kumar Kalikot Veetil <mkalikot@qca.qualcomm.com> | 2014-05-28 11:26:42 -0700 |
|---|---|---|
| committer | Akash Patel <c_akashp@qca.qualcomm.com> | 2014-06-06 00:18:44 -0700 |
| commit | 16ec462e186beba57a70dd0d84a4bdc7b7d2ca0d (patch) | |
| tree | 2c73264276a8c1e6663955d35883294aa7612e61 | |
| parent | 56a6398ba7dedfb274282382f9f93b0e2329cedf (diff) | |
qcacld: wlan: Fix MCC-to-SCC switch logic for WPA
MCC-to-SCC switch was failing when in wpa/wpa2/rsn mode
to bring up AP after the switch. The reason for this failure
was that start_bss was failing to find RSN IE template,
hence failing.
RSN IE is supposed to be stored in SAP context, but the data-structure
to store it was not allocated, only pointer was allocated.
Change-Id: I6d8a37cb395db727043b627fd88f0c8a0971884f
CRs-fixed: 665272
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_cfg80211.c | 40 | ||||
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_hostapd.c | 12 | ||||
| -rw-r--r-- | CORE/SAP/inc/sapApi.h | 4 | ||||
| -rw-r--r-- | CORE/SAP/src/sapFsm.c | 3 |
4 files changed, 38 insertions, 21 deletions
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index b29abc2f96e7..47a725496713 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -2217,7 +2217,6 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, int status = VOS_STATUS_SUCCESS; tpWLAN_SAPEventCB pSapEventCallback; hdd_hostapd_state_t *pHostapdState; - v_U8_t wpaRsnIEdata[(SIR_MAC_MAX_IE_LENGTH * 2)+4]; //Max ie length 255 * 2(WPA+RSN) + 2 bytes (vendor specific ID) * 2 v_CONTEXT_t pVosContext = (WLAN_HDD_GET_CTX(pHostapdAdapter))->pvosContext; tHalHandle hHal = WLAN_HDD_GET_HAL_CTX(pHostapdAdapter); struct qc_mac_acl_entry *acl_entry = NULL;
@@ -2229,6 +2228,7 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, v_BOOL_t MFPRequired = VOS_FALSE; eHddDot11Mode sapDot11Mode = (WLAN_HDD_GET_CTX(pHostapdAdapter))->cfg_ini->sapDot11Mode; + u_int16_t prev_rsn_length = 0; ENTER();
@@ -2360,14 +2360,18 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, pConfig->fwdWPSPBCProbeReq = 1; // Forward WPS PBC probe request frame up pConfig->RSNWPAReqIELength = 0; - pConfig->pRSNWPAReqIE = NULL; + memset(&pConfig->RSNWPAReqIE[0], 0, sizeof(pConfig->RSNWPAReqIE)); pIe = wlan_hdd_cfg80211_get_ie_ptr(pBeacon->tail, pBeacon->tail_len, WLAN_EID_RSN); if(pIe && pIe[1]) { pConfig->RSNWPAReqIELength = pIe[1] + 2; - memcpy(&wpaRsnIEdata[0], pIe, pConfig->RSNWPAReqIELength); - pConfig->pRSNWPAReqIE = &wpaRsnIEdata[0]; + if (pConfig->RSNWPAReqIELength < sizeof(pConfig->RSNWPAReqIE)) + memcpy(&pConfig->RSNWPAReqIE[0], pIe, + pConfig->RSNWPAReqIELength); + else + hddLog(LOGE, "RSNWPA IE MAX Length exceeded; length =%d", + pConfig->RSNWPAReqIELength); /* The actual processing may eventually be more extensive than * this. Right now, just consume any PMKIDs that are sent in * by the app.
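Review bot: In the hunk at -2360,14 the `else` branch of the new length check only logs, so execution carries on to the `hdd_softap_unpackIE` call with `RSNWPAReqIE` still all zeros from the `memset` and `RSNWPAReqIELength` still holding the rejected value. The same log-and-continue shape is repeated in both WPA branches of the hunk at -2402,17, and the oversize case is only rejected later by the `> sizeof` test at -2439,7. I would fail where the problem is detected and brace the multi-line bodies: `else { hddLog(LOGE, "RSNWPA IE MAX Length exceeded; length =%d", pConfig->RSNWPAReqIELength); return -EINVAL; }`. The function body continues outside these hunks, so whether anything must be released before that return cannot be confirmed from here.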
@@ -2379,8 +2383,8 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, &RSNAuthType, &MFPCapable, &MFPRequired, - pConfig->pRSNWPAReqIE[1]+2, - pConfig->pRSNWPAReqIE ); + pConfig->RSNWPAReqIE[1]+2, + pConfig->RSNWPAReqIE ); if( VOS_STATUS_SUCCESS == status ) {
@@ -2402,17 +2406,27 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, if(pIe && pIe[1] && (pIe[0] == DOT11F_EID_WPA)) { - if (pConfig->pRSNWPAReqIE) + if (pConfig->RSNWPAReqIE[0]) { /*Mixed mode WPA/WPA2*/ - memcpy((&wpaRsnIEdata[0] + pConfig->RSNWPAReqIELength), pIe, pIe[1] + 2); + prev_rsn_length = pConfig->RSNWPAReqIELength; pConfig->RSNWPAReqIELength += pIe[1] + 2; + if (pConfig->RSNWPAReqIELength < sizeof(pConfig->RSNWPAReqIE)) + memcpy(&pConfig->RSNWPAReqIE[0] + prev_rsn_length, pIe, + pIe[1] + 2); + else + hddLog(LOGE, "RSNWPA IE MAX Length exceeded; length =%d", + pConfig->RSNWPAReqIELength); } else { pConfig->RSNWPAReqIELength = pIe[1] + 2; - memcpy(&wpaRsnIEdata[0], pIe, pConfig->RSNWPAReqIELength); - pConfig->pRSNWPAReqIE = &wpaRsnIEdata[0]; + if (pConfig->RSNWPAReqIELength < sizeof(pConfig->RSNWPAReqIE)) + memcpy(&pConfig->RSNWPAReqIE[0], pIe, + pConfig->RSNWPAReqIELength); + else + hddLog(LOGE, "RSNWPA IE MAX Length exceeded; length =%d", + pConfig->RSNWPAReqIELength); status = hdd_softap_unpackIE( vos_get_context( VOS_MODULE_ID_SME, pVosContext), &RSNEncryptType,
@@ -2420,8 +2434,8 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, &RSNAuthType, &MFPCapable, &MFPRequired, - pConfig->pRSNWPAReqIE[1]+2, - pConfig->pRSNWPAReqIE ); + pConfig->RSNWPAReqIE[1]+2, + pConfig->RSNWPAReqIE ); if( VOS_STATUS_SUCCESS == status ) {
@@ -2439,7 +2453,7 @@ static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, } } - if (pConfig->RSNWPAReqIELength > sizeof wpaRsnIEdata) { + if (pConfig->RSNWPAReqIELength > sizeof(pConfig->RSNWPAReqIE)) { hddLog( VOS_TRACE_LEVEL_ERROR, "**RSNWPAReqIELength is too large***"); return -EINVAL; }
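Review bot: The copy guards in the hunk at -2402,17 use `RSNWPAReqIELength < sizeof(pConfig->RSNWPAReqIE)` while the final check at -2439,7 rejects only `> sizeof(...)`, so a combined length exactly equal to the array size is neither copied nor rejected. If SIR_MAC_MAX_IE_LENGTH is 255, as the comment in sapApi.h states, the array is 514 bytes and a maximum-size RSN IE plus a maximum-size WPA IE add up to exactly 514. In that case the WPA IE is skipped with only a log line, yet `RSNWPAReqIELength` stays at 514 and the function proceeds with a buffer that does not contain what the length claims. A full-size copy fits the array, so the guards can be inclusive: `if (pConfig->RSNWPAReqIELength <= sizeof(pConfig->RSNWPAReqIE))`. The same `<` comparison appears in the hunk at -2360,14 and in wlan_hdd_hostapd.c.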
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index 952d22ec0506..cc58f96cf174 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -2749,9 +2749,11 @@ static iw_softap_commit(struct net_device *dev, pConfig->wps_state = pCommitConfig->wps_state; pConfig->fwdWPSPBCProbeReq = 1; // Forward WPS PBC probe request frame up pConfig->RSNWPAReqIELength = pCommitConfig->RSNWPAReqIELength; - if(pConfig->RSNWPAReqIELength){ - pConfig->pRSNWPAReqIE = &pCommitConfig->RSNWPAReqIE[0]; - if ((pConfig->pRSNWPAReqIE[0] == DOT11F_EID_RSN) || (pConfig->pRSNWPAReqIE[0] == DOT11F_EID_WPA)){ + if(pConfig->RSNWPAReqIELength < sizeof(pConfig->RSNWPAReqIE)){ + memcpy(&pConfig->RSNWPAReqIE[0], &pCommitConfig->RSNWPAReqIE[0], + pConfig->RSNWPAReqIELength); + if ((pConfig->RSNWPAReqIE[0] == DOT11F_EID_RSN) || + (pConfig->RSNWPAReqIE[0] == DOT11F_EID_WPA)) { // The actual processing may eventually be more extensive than this. // Right now, just consume any PMKIDs that are sent in by the app. status = hdd_softap_unpackIE(
@@ -2761,8 +2763,8 @@ static iw_softap_commit(struct net_device *dev, &RSNAuthType, &MFPCapable, &MFPRequired, - pConfig->pRSNWPAReqIE[1]+2, - pConfig->pRSNWPAReqIE ); + pConfig->RSNWPAReqIE[1]+2, + pConfig->RSNWPAReqIE ); if( VOS_STATUS_SUCCESS == status ) {
diff --git a/CORE/SAP/inc/sapApi.h b/CORE/SAP/inc/sapApi.h
index 372a195e04f1..fadfa9e620ec 100644
--- a/CORE/SAP/inc/sapApi.h
+++ b/CORE/SAP/inc/sapApi.h
@@ -441,8 +441,8 @@ typedef struct sap_Config { v_U8_t dtim_period; /* dtim interval */ v_U8_t num_accept_mac; v_U8_t num_deny_mac; - v_U8_t *pRSNWPAReqIE; //If not null, it has the IE byte stream for RSN /WPA - + /* Max ie length 255 * 2(WPA+RSN) + 2 bytes(vendor specific ID) * 2 */ + v_U8_t RSNWPAReqIE[(SIR_MAC_MAX_IE_LENGTH * 2) + 4]; v_U8_t countryCode[WNI_CFG_COUNTRY_CODE_LEN]; //it is ignored if [0] is 0. v_U8_t RSNAuthType; v_U8_t RSNEncryptType;
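Review bot: In iw_softap_commit (wlan_hdd_hostapd.c, hunk at -2749,9) replacing `if(pConfig->RSNWPAReqIELength)` with `< sizeof(pConfig->RSNWPAReqIE)` changes two cases that the visible lines do not handle. A zero length now enters the block, and `RSNWPAReqIE[0]` and `[1]` are inspected after a zero-byte copy, so whatever the array held before gets parsed; no `memset` like the one added in wlan_hdd_cfg80211.c is visible here. A length at or above the array size skips the copy but leaves `pConfig->RSNWPAReqIELength` at that value, and sapconvertToCsrProfile in sapFsm.c then copies that many bytes out of the fixed array, which would read past its end. I would reject oversize input before the block and keep the non-zero test, `if (pConfig->RSNWPAReqIELength && pConfig->RSNWPAReqIELength <= sizeof(pConfig->RSNWPAReqIE))`, with an `else` that resets the length to 0. The declaration of `pCommitConfig->RSNWPAReqIE` is outside the hunk, so the copy should also be checked against the source array's size.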
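Review bot: The new comment on `RSNWPAReqIE` in sapApi.h explains the array size but drops what the old comment told callers, namely how to tell whether an IE is present. With the pointer gone there is no NULL to test, and the cfg80211 code in this commit now checks `RSNWPAReqIE[0]` instead. If the intended contract is that the length field governs validity, the field comment should say so, for example `/* RSN/WPA IE byte stream; RSNWPAReqIELength gives the valid bytes, 0 means no IE */`, placed next to the existing size explanation.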
diff --git a/CORE/SAP/src/sapFsm.c b/CORE/SAP/src/sapFsm.c
index 1f0931cd72f1..08bb3232b72d 100644
--- a/CORE/SAP/src/sapFsm.c
+++ b/CORE/SAP/src/sapFsm.c
@@ -1511,7 +1511,8 @@ sapconvertToCsrProfile(tsap_Config_t *pconfig_params, eCsrRoamBssType bssType, t VOS_TRACE(VOS_MODULE_ID_SAP, VOS_TRACE_LEVEL_ERROR, " %s Fail to alloc memory", __func__); return eSAP_STATUS_FAILURE; } - vos_mem_copy(profile->pRSNReqIE, pconfig_params->pRSNWPAReqIE, pconfig_params->RSNWPAReqIELength); + vos_mem_copy(profile->pRSNReqIE, pconfig_params->RSNWPAReqIE, + pconfig_params->RSNWPAReqIELength); profile->nRSNReqIELength = pconfig_params->RSNWPAReqIELength; } |
