diff options
| -rw-r--r-- | core/mac/src/pe/lim/lim_assoc_utils.c | 8 | ||||
| -rw-r--r-- | core/mac/src/pe/lim/lim_process_assoc_req_frame.c | 19 |
2 files changed, 14 insertions, 13 deletions
diff --git a/core/mac/src/pe/lim/lim_assoc_utils.c b/core/mac/src/pe/lim/lim_assoc_utils.c index 4aabe564137e..1fd6be6ca2ac 100644 --- a/core/mac/src/pe/lim/lim_assoc_utils.c +++ b/core/mac/src/pe/lim/lim_assoc_utils.c @@ -340,8 +340,8 @@ static inline bool is_non_rsn_cipher(uint8_t cipher_suite) * frame handling to determine whether received RSN in * Assoc/Reassoc request frames include supported cipher suites or not. * - * Return: eSIR_SUCCESS if ALL BSS basic rates are present in the - * received rateset else failure status. + * Return: eSIR_SUCCESS if ALL supported cipher suites are present in the + * received rsn IE else failure status. */ uint8_t @@ -452,8 +452,8 @@ lim_check_rx_rsn_ie_match(tpAniSirGlobal mac_ctx, tDot11fIERSN rx_rsn_ie, * frame handling to determine whether received RSN in * Assoc/Reassoc request frames include supported cipher suites or not. * - * Return: Success if ALL BSS basic rates are present in the - * received rateset else failure status. + * Return: Success if ALL supported cipher suites are present in the + * received wpa IE else failure status. */ uint8_t diff --git a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c index 661d8e395bf1..a0705ba905a6 100644 --- a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c +++ b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c @@ -728,7 +728,7 @@ static void lim_print_ht_cap(tpAniSirGlobal mac_ctx, tpPESession session, * * wpa ie related checks * - * Return: true of no error, false otherwise + * Return: true if no error, false otherwise */ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, tpSirMacMgmtHdr hdr, @@ -737,6 +737,7 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, uint8_t sub_type, bool *pmf_connection) { uint8_t *wps_ie = NULL; + uint32_t ret; tDot11fIEWPA dot11f_ie_wpa = {0}; tDot11fIERSN dot11f_ie_rsn = {0}; tSirRetStatus status = eSIR_SUCCESS; @@ -767,11 +768,11 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, if (assoc_req->rsnPresent) { if (assoc_req->rsn.length) { /* Unpack the RSN IE */ - if (dot11f_unpack_ie_rsn(mac_ctx, + ret = dot11f_unpack_ie_rsn(mac_ctx, &assoc_req->rsn.info[0], assoc_req->rsn.length, - &dot11f_ie_rsn, false) != - DOT11F_PARSE_SUCCESS) { + &dot11f_ie_rsn, false); + if (!DOT11F_SUCCEEDED(ret)) { pe_err("Invalid RSN ie"); return false; } @@ -843,11 +844,11 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, /* Unpack the WPA IE */ if (assoc_req->wpa.length) { /* OUI is not taken care */ - if (dot11f_unpack_ie_wpa(mac_ctx, - &assoc_req->wpa.info[4], - assoc_req->wpa.length, - &dot11f_ie_wpa, false) != - DOT11F_PARSE_SUCCESS) { + ret = dot11f_unpack_ie_wpa(mac_ctx, + &assoc_req->wpa.info[4], + (assoc_req->wpa.length - 4), + &dot11f_ie_wpa, false); + if (!DOT11F_SUCCEEDED(ret)) { pe_err("Invalid WPA IE"); return false; } |