From patchwork Tue Sep 24 07:59:42 2019
X-Patchwork-Submitter: You-Sheng Yang
X-Patchwork-Id: 1166439
From: You-Sheng Yang
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 16/21][SRU][OEM-OSP1-B] cfg80211: fix the IE inheritance of extension IEs
Date: Tue, 24 Sep 2019 15:59:42 +0800
Message-Id: <20190924075947.33954-17-vicamo.yang@canonical.com>
In-Reply-To: <20190924075947.33954-1-vicamo.yang@canonical.com>
References: <20190924075947.33954-1-vicamo.yang@canonical.com>
List-Id: Kernel team discussions

From: Sara Sharon

BugLink: https://bugs.launchpad.net/bugs/1845138

Extension IEs have ID 255 followed by extension ID. Current code is buggy in handling it in two ways:
1. When checking if IE is in the frame, it uses just the ID, which for extension elements is too broad.
2. It uses 0xFF to mark copied IEs, which will result in not copying extension IEs from the subelement.

Fix both issues.

Signed-off-by: Sara Sharon
Signed-off-by: Johannes Berg
(cherry picked from commit c17fe043a3b79255c6cbe76aafb594849fac0005)
Signed-off-by: You-Sheng Yang --- net/wireless/scan.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 387e5f868684d..46ecb10e85fb4 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -216,7 +216,13 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, continue; } - tmp = (u8 *)cfg80211_find_ie(tmp_old[0], sub_copy, subie_len); + if (tmp_old[0] == WLAN_EID_EXTENSION) + tmp = (u8 *)cfg80211_find_ext_ie(tmp_old[2], sub_copy, + subie_len); + else + tmp = (u8 *)cfg80211_find_ie(tmp_old[0], sub_copy, + subie_len); + if (!tmp) { /* ie in old ie but not in subelement */ if (tmp_old[0] != WLAN_EID_MULTIPLE_BSSID) { @@ -226,8 +232,9 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, } else { /* ie in transmitting ie also in subelement, * copy from subelement and flag the ie in subelement - * as copied (by setting eid field to 0xff). For - * vendor ie, compare OUI + type + subType to + * as copied (by setting eid field to WLAN_EID_SSID, + * which is skipped anyway). + * For vendor ie, compare OUI + type + subType to * determine if they are the same ie. */ if (tmp_old[0] == WLAN_EID_VENDOR_SPECIFIC) { @@ -237,7 +244,7 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, */ memcpy(pos, tmp, tmp[1] + 2); pos += tmp[1] + 2; - tmp[0] = 0xff; + tmp[0] = WLAN_EID_SSID; } else { memcpy(pos, tmp_old, tmp_old[1] + 2); pos += tmp_old[1] + 2; @@ -246,7 +253,7 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, /* copy ie from subelement into new ie */ memcpy(pos, tmp, tmp[1] + 2); pos += tmp[1] + 2; - tmp[0] = 0xff; + tmp[0] = WLAN_EID_SSID; } } 
@@ -263,8 +270,7 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) { if (!(tmp_new[0] == WLAN_EID_NON_TX_BSSID_CAP || tmp_new[0] == WLAN_EID_SSID || - tmp_new[0] == WLAN_EID_MULTI_BSSID_IDX || - tmp_new[0] == 0xff)) { + tmp_new[0] == WLAN_EID_MULTI_BSSID_IDX)) { memcpy(pos, tmp_new, tmp_new[1] + 2); pos += tmp_new[1] + 2; }
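Review bot: In the first hunk (@@ -216), the new WLAN_EID_EXTENSION branch reads tmp_old[2] as the extension ID, but nothing visible in the hunk checks that the element's length byte tmp_old[1] is at least 1. For a zero-length extension element, tmp_old[2] is the ID byte of the next element, or a byte past the end of ie when that element is the last one, so the key passed to cfg80211_find_ext_ie() comes from unrelated data. Suggest guarding the branch with a tmp_old[1] >= 1 check and deciding explicitly what to do with a zero-length extension element, since the commit message says these IEs are taken from a frame.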
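Review bot: In the hunks at @@ -237 and @@ -246, `tmp[0] = WLAN_EID_SSID;` reuses a real element ID as the "already copied" marker, and its correctness depends entirely on WLAN_EID_SSID staying in the skip condition of the later while loop over tmp_new. The rewritten comment in the @@ -226 hunk says the ID "is skipped anyway" without saying where. Suggest a one-line comment at the tmp_new loop stating that WLAN_EID_SSID doubles as the copied marker, and doing the marking through one small helper instead of two identical assignments, so that a later edit to the skip list cannot silently cause elements to be copied twice.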
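Review bot: In the last hunk (@@ -263), the context line `while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len)` dereferences tmp_new[1] to compute the bound before anything establishes that tmp_new + 1 is still inside sub_copy, so once tmp_new has advanced to the end of the buffer the condition itself reads past it. This is not introduced by the patch, but with `tmp_new[0] == 0xff` removed every remaining ID-255 element now goes through the memcpy in this loop, so it is worth checking that at least two bytes remain (tmp_new + 2 - sub_copy <= subie_len) before reading the length byte.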