@@ -63,7 +63,7 @@ ieee80211_he_mcs_set_size(const u8 *phy_cap_info)
static inline int ieee80211_check_he_cap_size(const u8 *buf, int len)
{
struct ieee80211_he_capabilities *cap = (struct ieee80211_he_capabilities *)buf;
- int cap_len = sizeof(struct ieee80211_he_capabilities);
+ int cap_len = sizeof(*cap) - sizeof(cap-optional);
if (len < cap_len)
return 1;
@@ -88,7 +88,7 @@ u8 * hostapd_eid_he_capab(struct hostapd_data *hapd, u8 *eid)
if (!mode)
return eid;
- ie_size = sizeof(struct ieee80211_he_capabilities);
+ ie_size = sizeof(*cap) - sizeof(cap-optional);
ppet_size = ieee80211_he_ppet_size(mode->he_capab.ppet[0],
mode->he_capab.phy_cap);
@@ -2109,7 +2109,7 @@ struct ieee80211_he_capabilities {
u8 he_phy_capab_info[11];
/* Followed by 4, 8, or 12 octets of Supported HE-MCS And NSS Set field
* and optional variable length PPE Thresholds field. */
- u8 optional[];
+ u8 optional[37];
} STRUCT_PACKED;
struct ieee80211_he_operation {
The helper was only copying the mandatory he_cap fields. Fix this by setting the max size of optional fields inside struct ieee80211_he_capabilities. We also need to make sure that the he_cap length calculation takes this into account. Signed-off-by: John Crispin <john@phrozen.org> --- src/ap/ieee802_11_he.c | 4 ++-- src/common/ieee802_11_defs.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)