diff options
| -rw-r--r-- | CORE/MAC/src/include/dot11f.h | 2 | ||||
| -rw-r--r-- | CORE/SYS/legacy/src/utils/src/dot11f.c | 37 |
2 files changed, 36 insertions, 3 deletions
diff --git a/CORE/MAC/src/include/dot11f.h b/CORE/MAC/src/include/dot11f.h index 9dc58199951b..c65e0086d414 100644 --- a/CORE/MAC/src/include/dot11f.h +++ b/CORE/MAC/src/include/dot11f.h @@ -37,7 +37,7 @@ * * * This file was automatically generated by 'framesc' - * Thu Nov 27 16:19:21 2014 from the following file(s): + * Mon Dec 1 12:10:27 2014 from the following file(s): * * dot11f.frms * diff --git a/CORE/SYS/legacy/src/utils/src/dot11f.c b/CORE/SYS/legacy/src/utils/src/dot11f.c index 155ff9edfadd..eb9940ab3941 100644 --- a/CORE/SYS/legacy/src/utils/src/dot11f.c +++ b/CORE/SYS/legacy/src/utils/src/dot11f.c @@ -35,7 +35,7 @@ * * * This file was automatically generated by 'framesc' - * Thu Nov 27 16:19:21 2014 from the following file(s): + * Mon Dec 1 12:10:27 2014 from the following file(s): * * dot11f.frms * @@ -2783,6 +2783,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, (void) pBuf; (void)ielen; /* Shutup the compiler */ if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp33__ = *pBuf; pBuf += 1; ielen -= 1; @@ -2794,6 +2797,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->reserved3 = tmp33__ >> 5 & 0x1; pDst->spsmpCap = tmp33__ >> 6 & 0x1; pDst->event = tmp33__ >> 7 & 0x1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp34__ = *pBuf; pBuf += 1; ielen -= 1; @@ -2805,6 +2811,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->coLocIntfReporting = tmp34__ >> 5 & 0x1; pDst->civicLoc = tmp34__ >> 6 & 0x1; pDst->geospatialLoc = tmp34__ >> 7 & 0x1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp35__ = *pBuf; pBuf += 1; ielen -= 1; @@ -2816,6 +2825,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->acStaCnt = tmp35__ >> 5 & 0x1; pDst->multiBSSID = tmp35__ >> 6 & 0x1; pDst->timingMeas = tmp35__ >> 7 & 0x1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp36__ = *pBuf; pBuf += 1; ielen -= 1; @@ -2827,6 +2839,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->TDLSPeerPSMSupp = tmp36__ >> 5 & 0x1; pDst->TDLSChannelSwitching = tmp36__ >> 6 & 0x1; pDst->interworkingService = tmp36__ >> 7 & 0x1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp37__ = *pBuf; pBuf += 1; ielen -= 1; @@ -2838,6 +2853,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->TDLSSupport = tmp37__ >> 5 & 0x1; pDst->TDLSProhibited = tmp37__ >> 6 & 0x1; pDst->TDLSChanSwitProhibited = tmp37__ >> 7 & 0x1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp38__ = *pBuf; pBuf += 1; ielen -= 1; @@ -2847,6 +2865,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->uapsdCoexistence = tmp38__ >> 5 & 0x1; pDst->wnmNotification = tmp38__ >> 6 & 0x1; pDst->QABcapbility = tmp38__ >> 7 & 0x1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp39__ = *pBuf; pBuf += 1; ielen -= 1; @@ -2858,6 +2879,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->MeshGCR = tmp39__ >> 5 & 0x1; pDst->SCS = tmp39__ >> 6 & 0x1; pDst->QLoadReport = tmp39__ >> 7 & 0x1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp40__ = *pBuf; pBuf += 1; ielen -= 1; @@ -2869,6 +2893,9 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->TDLSWiderBW = tmp40__ >> 5 & 0x1; pDst->operModeNotification = tmp40__ >> 6 & 0x1; pDst->maxNumOfMSDU_bit1 = tmp40__ >> 7 & 0x1; + + if (!ielen) /* Check to ensure copying of ielen bytes */ + goto endUnpackIeExtCap; tmp41__ = *pBuf; pDst->maxNumOfMSDU_bit2 = tmp41__ >> 0 & 0x1; pDst->ChanSchMgmt = tmp41__ >> 1 & 0x1; @@ -2878,6 +2905,8 @@ tANI_U32 dot11fUnpackIeExtCap(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen, pDst->ChanAvailQuery = tmp41__ >> 5 & 0x1; pDst->fineTimingMeas = tmp41__ >> 6 & 0x1; pDst->reserved7 = tmp41__ >> 7 & 0x1; + +endUnpackIeExtCap: (void)pCtx; return status; } /* End dot11fUnpackIeExtCap. */ @@ -19357,7 +19386,11 @@ static tANI_U32 UnpackCore(tpAniSirGlobal pCtx, status |= dot11fUnpackIeMobilityDomain(pCtx, pBufRemaining, len, ( tDot11fIEMobilityDomain* )(pFrm + pIe->offset + sizeof(tDot11fIEMobilityDomain)*countOffset) ); break; case SigIeNeighborReport: - status |= dot11fUnpackIeNeighborReport(pCtx, pBufRemaining, len, ( tDot11fIENeighborReport* )(pFrm + pIe->offset + sizeof(tDot11fIENeighborReport)*countOffset) ); + if (countOffset < MAX_SUPPORTED_NEIGHBOR_RPT) { + status |= dot11fUnpackIeNeighborReport(pCtx, pBufRemaining, len, ( tDot11fIENeighborReport* )(pFrm + pIe->offset + sizeof(tDot11fIENeighborReport)*countOffset) ); + } else { + status |= DOT11F_BUFFER_OVERFLOW; + } break; case SigIeOBSSScanParameters: status |= dot11fUnpackIeOBSSScanParameters(pCtx, pBufRemaining, len, ( tDot11fIEOBSSScanParameters* )(pFrm + pIe->offset + sizeof(tDot11fIEOBSSScanParameters)*countOffset) ); |