| -rw-r--r-- | core/mac/src/include/dot11f.h | 2 | ||||
| -rw-r--r-- | core/mac/src/sys/legacy/src/utils/src/dot11f.c | 25 |
2 files changed, 16 insertions, 11 deletions
diff --git a/core/mac/src/include/dot11f.h b/core/mac/src/include/dot11f.h index 2be3a3883eee..cc69a0ed216d 100644 --- a/core/mac/src/include/dot11f.h +++ b/core/mac/src/include/dot11f.h @@ -26,7 +26,7 @@ * * * This file was automatically generated by 'framesc' - * Tue Sep 18 11:47:29 2018 from the following file(s): + * Tue Dec 11 14:40:59 2018 from the following file(s): * * dot11f.frms * diff --git a/core/mac/src/sys/legacy/src/utils/src/dot11f.c b/core/mac/src/sys/legacy/src/utils/src/dot11f.c index 65d29ae9a82d..fa57865abc1e 100644 --- a/core/mac/src/sys/legacy/src/utils/src/dot11f.c +++ b/core/mac/src/sys/legacy/src/utils/src/dot11f.c @@ -24,7 +24,7 @@ * * * This file was automatically generated by 'framesc' - * Tue Sep 18 11:47:29 2018 from the following file(s): + * Tue Dec 11 14:40:59 2018 from the following file(s): * * dot11f.frms * @@ -12083,20 +12083,25 @@ static uint32_t unpack_core(tpAniSirGlobal pCtx, } if (pIe) { - if ((nBufRemaining < pIe->minSize - pIe->noui - 2U) || - (len < pIe->minSize - pIe->noui - 2U)) { - FRAMES_LOG4(pCtx, FRLOGW, FRFL("The IE %s must " + if ((nBufRemaining < pIe->minSize - pIe->noui - 2U)) { + FRAMES_LOG3(pCtx, FRLOGW, FRFL("The IE %s must " "be at least %d bytes in size, but " "there are only %d bytes remaining in " - "this frame or the IE reports a size " - "of %d bytes.\n"), - pIe->name, pIe->minSize, nBufRemaining, - (len + pIe->noui + 2U)); + "this frame\n"), + pIe->name, pIe->minSize, nBufRemaining); FRAMES_DUMP(pCtx, FRLOG1, pBuf, nBuf); status |= DOT11F_INCOMPLETE_IE; FRAMES_DBG_BREAK(); goto MandatoryCheck; } else { + if (len < pIe->minSize - pIe->noui - 2U) { + FRAMES_LOG3(pCtx, FRLOGW, FRFL("The IE %s must " + "be at least %d bytes in size, but " + "there are only %d bytes in the IE\n"), + pIe->name, pIe->minSize, (len + pIe->noui + 2U)); + goto skip_ie; + } + if (len > pIe->maxSize - pIe->noui - 2U) { FRAMES_LOG1(pCtx, FRLOGW, FRFL("The IE %s reports " "an unexpectedly large size; it is presumably " 
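Review bot: The new short-length branch (`if (len < pIe->minSize - pIe->noui - 2U)`) jumps to `skip_ie` without touching `status`, so a caller can no longer tell an undersized IE from one that was never in the frame; before this change the same condition set `DOT11F_INCOMPLETE_IE` and stopped parsing. If dropping it silently is intended, say so at the branch, for example `/* Undersized IE: skip it and keep parsing. len < min <= nBufRemaining here, so advancing by len at skip_ie stays in bounds. */`, because that skip is only safe while the `nBufRemaining` check runs first. The log argument `(len + pIe->noui + 2U)` is an unsigned expression printed with `%d`; `%u` would match it. The file header says dot11f.c is generated by 'framesc', so any follow-up presumably belongs in the generator input rather than in this file, and unpack_core's body starts and ends outside the hunk.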
@@ -12110,7 +12115,7 @@ static uint32_t unpack_core(tpAniSirGlobal pCtx, (*(uint16_t *)(pFrm + pIe->countOffset))); if (0 != pIe->arraybound && countOffset >= pIe->arraybound) { status |= DOT11F_DUPLICATE_IE; - goto skip_dup_ie; + goto skip_ie; } switch (pIe->sig) { case SigIeGTK: @@ -13572,7 +13577,7 @@ static uint32_t unpack_core(tpAniSirGlobal pCtx, status |= DOT11F_UNKNOWN_IES; } -skip_dup_ie: +skip_ie: pBufRemaining += len; if (len > nBufRemaining) { |
