| author | Padma, Santhosh Kumar <skpadma@qti.qualcomm.com> | 2015-04-15 18:57:12 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2015-06-29 07:25:07 -0700 |
| commit | d21f447c3b34322f0a15be21d73eef3b4b74c366 (patch) | |
| tree | 7f877e4868a4d6d24cd9ceed54bc2aa4897f621c /CORE/MAC/src | |
| parent | 453c17348c936e5ffe502dc934973a9c67bc5c87 (diff) | |
wlan: Validate and Rectify RSN IE in probe response frame.
Some access points omit the capability field from their RSN IEs
even though the length of the RSN IE indicates that the field is
present. The byte that follows the RSN IE is then taken as the
capability field and is interpreted incorrectly, and the end
result is a failure to connect to such APs.
This commit introduces a work around to interop with such AP's
by appending the capability field with 0 value to the obtained ie.
It updates MPDU length of received RxPacket based on addition of
RSN Capability if it is missing in Probe response.
Change-Id: Ic599c8bdb19e368fefb13293499451e7ab38d517
CRs-Fixed: 667983
Diffstat (limited to 'CORE/MAC/src')
| -rw-r--r-- | CORE/MAC/src/include/parserApi.h | 14 | ||||
| -rw-r--r-- | CORE/MAC/src/pe/lim/limProcessProbeRspFrame.c | 33 |
2 files changed, 39 insertions, 8 deletions
diff --git a/CORE/MAC/src/include/parserApi.h b/CORE/MAC/src/include/parserApi.h index 03fa7c5fe676..dd75d5e7b123 100644 --- a/CORE/MAC/src/include/parserApi.h +++ b/CORE/MAC/src/include/parserApi.h @@ -71,6 +71,13 @@ struct sAvoidChannelIE { }; #endif /* FEATURE_AP_MCC_CH_AVOIDANCE */ +#define SIZE_OF_FIXED_PARAM ( 12 ) +#define SIZE_OF_TAG_PARAM_NUM ( 1 ) +#define SIZE_OF_TAG_PARAM_LEN ( 1 ) +#define RSNIEID ( 0x30 ) +#define RSNIE_CAPABILITY_LEN ( 2 ) +#define DEFAULT_RSNIE_CAP_VAL ( 0x00 ) + typedef struct sSirCountryInformation { tANI_U8 countryString[COUNTRY_STRING_LENGTH]; @@ -537,8 +544,6 @@ sirConvertQosMapConfigureFrame2Struct(tpAniSirGlobal pMac, tANI_U32 nFrame, tSirQosMapSet *pQosMapSet); - - /** * \brief Populated a tDot11fFfCapabilities * @@ -996,3 +1001,8 @@ sap_auth_offload_update_rsn_ie(tpAniSirGlobal pmac, tSirRetStatus PopulateDot11fTimingAdvertFrame(tpAniSirGlobal pMac, tDot11fTimingAdvertisementFrame *frame); + +tSirRetStatus sirvalidateandrectifyies(tpAniSirGlobal pMac, + tANI_U8 *pMgmtFrame, + tANI_U32 nFrameBytes, + tANI_U32 *nMissingRsnBytes); diff --git a/CORE/MAC/src/pe/lim/limProcessProbeRspFrame.c b/CORE/MAC/src/pe/lim/limProcessProbeRspFrame.c index 796dab3bdae7..79853ced64d6 100644 --- a/CORE/MAC/src/pe/lim/limProcessProbeRspFrame.c +++ b/CORE/MAC/src/pe/lim/limProcessProbeRspFrame.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2014 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2015 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * 
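Review bot: The six macros added in the `@@ -71,6 +71,13 @@` hunk of parserApi.h have no comments and generic, unprefixed names (`SIZE_OF_FIXED_PARAM`, `RSNIEID`), which invites collisions and misuse in a shared parser header. `SIZE_OF_FIXED_PARAM ( 12 )` only holds for frames whose fixed fields are timestamp, beacon interval and capability, so it should say so, for example `/* Probe response fixed fields: timestamp(8) + beacon interval(2) + capability(2) */`. These constants steer a parser that walks untrusted over-the-air data, so a one-line comment on each (`/* RSN IE element ID */`, `/* size in bytes of the RSN Capabilities field */`) would let a reader check the offset arithmetic against the frame layout.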
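Review bot: The prototype for `sirvalidateandrectifyies` added at the end of parserApi.h passes the frame pointer and `nFrameBytes` but no buffer capacity, and it has no doc comment. According to the commit message the function appends a zero capability field to the received IE, so it presumably writes beyond `nFrameBytes`; its body is not part of this diff, so whether it can tell that there is room is not visible here. I would document the contract above the declaration: that `pMgmtFrame` is modified in place, that `*nMissingRsnBytes` returns the number of bytes appended, and how much writable space the caller must guarantee after the frame. Alternatively a capacity parameter would let the callee refuse to write when that space is missing.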
@@ -53,13 +53,32 @@ #include "parserApi.h" tSirRetStatus -limValidateIEInformationInProbeRspFrame (tANI_U8 *pRxPacketInfo) +limValidateIEInformationInProbeRspFrame (tpAniSirGlobal pMac, + tANI_U8 *pRxPacketInfo) { tSirRetStatus status = eSIR_SUCCESS; - + tANI_U8 *pFrame; + tANI_U32 nFrame; + tANI_U32 nMissingRsnBytes; + + /* + * Validate a Probe response frame for malformed frame. + * If the frame is malformed then do not consider as it + * may cause problem fetching wrong IE values + */ if (WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) < (SIR_MAC_B_PR_SSID_OFFSET + SIR_MAC_MIN_IE_LEN)) { - status = eSIR_FAILURE; + return eSIR_FAILURE; + } + + pFrame = WDA_GET_RX_MPDU_DATA(pRxPacketInfo); + nFrame = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo); + nMissingRsnBytes = 0; + + status = sirvalidateandrectifyies(pMac, pFrame, nFrame, &nMissingRsnBytes); + if ( status == eSIR_SUCCESS ) + { + WDA_GET_RX_MPDU_LEN(pRxPacketInfo) += nMissingRsnBytes; } return status; @@ -136,7 +155,8 @@ limProcessProbeRspFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo,tpPESession } // Validate IE information before processing Probe Response Frame - if (limValidateIEInformationInProbeRspFrame(pRxPacketInfo) != eSIR_SUCCESS) + if (limValidateIEInformationInProbeRspFrame(pMac, pRxPacketInfo) + != eSIR_SUCCESS) { PELOG1(limLog(pMac, LOG1, FL("Parse error ProbeResponse, length=%d"), frameLen);) @@ -370,7 +390,8 @@ limProcessProbeRspFrameNoSession(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo) } #endif // Validate IE information before processing Probe Response Frame - if (limValidateIEInformationInProbeRspFrame(pRxPacketInfo) != eSIR_SUCCESS) + if (limValidateIEInformationInProbeRspFrame(pMac, pRxPacketInfo) + != eSIR_SUCCESS) { PELOG1(limLog(pMac, LOG1,FL("Parse error ProbeResponse, length=%d"), frameLen);) |
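Review bot: In `limValidateIEInformationInProbeRspFrame`, `WDA_GET_RX_MPDU_LEN(pRxPacketInfo) += nMissingRsnBytes;` grows the recorded packet length by a value derived from an over-the-air frame, with no upper bound and no check against the size of the receive buffer. Going by the commit message only the two-byte RSN capability can be missing, so the caller can enforce that before touching the length: `if (nMissingRsnBytes > RSNIE_CAPABILITY_LEN) return eSIR_FAILURE;`. The hunk also takes the frame size from `WDA_GET_RX_PAYLOAD_LEN` but applies the adjustment to `WDA_GET_RX_MPDU_LEN`. Whether the payload length follows from the MPDU length is not visible here, so a comment stating which length the downstream parser relies on would help.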
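Review bot: In `limProcessProbeRspFrame` (the `@@ -136,7 +155,8 @@` hunk) and again in `limProcessProbeRspFrameNoSession` (`@@ -370,7 +390,8 @@`), `frameLen` is assigned outside the hunk, apparently before the validation call that may now lengthen the frame. If it is read from the packet info before this call and later handed to the parser, it will not cover the appended capability bytes and the rectification will have no effect on parsing. Re-reading the length after a successful validation would avoid that. Both functions continue outside their hunks, so this needs checking against the full file.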
