From: Denis Kenzior <denkenz@gmail.com>
To: iwd@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH 4/7] netdev: iov_ie_append: Support iovecs with multiple IEs
Date: Thu, 30 Nov 2023 22:00:04 -0600 [thread overview]
Message-ID: <20231201040020.161143-4-denkenz@gmail.com> (raw)
In-Reply-To: <20231201040020.161143-1-denkenz@gmail.com>
iov_ie_append assumed that a single IE was being added and thus the
length of the IE could be extracted directly from the element. However,
iov_ie_append was used on buffers which could contain multiple IEs
concatenated together, for example in handshake_state::vendor_ies. Most
of the time this was safe since vendor_ies was NULL or contained a
single element, but would result in incorrect behavior in the general
case. Fix that by changing iov_ie_append signature to take an explicit
length argument and have the caller specify whether the element is a
single IE or multiple.
Fixes: 7e9971661bcb ("netdev: Append any vendor IEs from the handshake")
---
src/netdev.c | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index 208a15b94507..eb408447224c 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -209,7 +209,7 @@ static bool mac_per_ssid;
static unsigned int iov_ie_append(struct iovec *iov,
unsigned int n_iov, unsigned int c,
- const uint8_t *ie)
+ const uint8_t *ie, size_t len)
{
if (L_WARN_ON(c >= n_iov))
return n_iov;
@@ -218,7 +218,7 @@ static unsigned int iov_ie_append(struct iovec *iov,
return c;
iov[c].iov_base = (void *) ie;
- iov[c].iov_len = ie[1] + 2;
+ iov[c].iov_len = len;
return c + 1u;
}
@@ -286,19 +286,22 @@ static unsigned int netdev_populate_common_ies(struct netdev *netdev,
extended_capabilities = wiphy_get_extended_capabilities(netdev->wiphy,
netdev->type);
- c_iov = iov_ie_append(iov, n_iov, c_iov, extended_capabilities);
+ c_iov = iov_ie_append(iov, n_iov, c_iov, extended_capabilities,
+ IE_LEN(extended_capabilities));
rm_enabled_capabilities =
wiphy_get_rm_enabled_capabilities(netdev->wiphy);
- c_iov = iov_ie_append(iov, n_iov, c_iov, rm_enabled_capabilities);
+ c_iov = iov_ie_append(iov, n_iov, c_iov, rm_enabled_capabilities,
+ IE_LEN(rm_enabled_capabilities));
if (rm_enabled_capabilities)
l_genl_msg_append_attr(msg, NL80211_ATTR_USE_RRM, 0, NULL);
- c_iov = iov_ie_append(iov, n_iov, c_iov, hs->vendor_ies);
+ c_iov = iov_ie_append(iov, n_iov, c_iov,
+ hs->vendor_ies, hs->vendor_ies_len);
- if (hs->fils_ip_req_ie)
- c_iov = iov_ie_append(iov, n_iov, c_iov, hs->fils_ip_req_ie);
+ c_iov = iov_ie_append(iov, n_iov, c_iov, hs->fils_ip_req_ie,
+ IE_LEN(hs->fils_ip_req_ie));
return c_iov;
}
@@ -2502,7 +2505,8 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
if (is_rsn) {
nl80211_append_rsn_attributes(msg, hs);
- c_iov = iov_ie_append(iov, n_iov, c_iov, hs->supplicant_ie);
+ c_iov = iov_ie_append(iov, n_iov, c_iov, hs->supplicant_ie,
+ IE_LEN(hs->supplicant_ie));
}
if (is_rsn || hs->settings_8021x) {
@@ -2517,10 +2521,10 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
if (netdev->owe_sm) {
owe_build_dh_ie(netdev->owe_sm, owe_dh_ie, &dh_ie_len);
- c_iov = iov_ie_append(iov, n_iov, c_iov, owe_dh_ie);
+ c_iov = iov_ie_append(iov, n_iov, c_iov, owe_dh_ie, dh_ie_len);
}
- c_iov = iov_ie_append(iov, n_iov, c_iov, hs->mde);
+ c_iov = iov_ie_append(iov, n_iov, c_iov, hs->mde, IE_LEN(hs->mde));
c_iov = netdev_populate_common_ies(netdev, hs, msg, iov, n_iov, c_iov);
mpdu_sort_ies(subtype, iov, c_iov);
@@ -3267,9 +3271,11 @@ static void netdev_sae_tx_associate(void *user_data)
msg = netdev_build_cmd_associate_common(netdev);
- n_used = iov_ie_append(iov, n_iov, n_used, hs->supplicant_ie);
- n_used = iov_ie_append(iov, n_iov, n_used, hs->mde);
- n_used = iov_ie_append(iov, n_iov, n_used, hs->supplicant_rsnxe);
+ n_used = iov_ie_append(iov, n_iov, n_used, hs->supplicant_ie,
+ IE_LEN(hs->supplicant_ie));
+ n_used = iov_ie_append(iov, n_iov, n_used, hs->mde, IE_LEN(hs->mde));
+ n_used = iov_ie_append(iov, n_iov, n_used, hs->supplicant_rsnxe,
+ IE_LEN(hs->supplicant_rsnxe));
n_used = netdev_populate_common_ies(netdev, hs, msg,
iov, n_iov, n_used);
mpdu_sort_ies(subtype, iov, n_used);
--
2.43.0
next prev parent reply other threads:[~2023-12-01 4:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-01 4:00 [PATCH 1/7] handshake: Add cleanup function for handshake_state Denis Kenzior
2023-12-01 4:00 ` [PATCH 2/7] p2p: Simplify handshake_state cleanup Denis Kenzior
2023-12-01 4:00 ` [PATCH 3/7] p2p: Simplify cleanup of ies Denis Kenzior
2023-12-01 4:00 ` Denis Kenzior [this message]
2023-12-01 4:00 ` [PATCH 5/7] p2p: Use handshake to pass vendor ies Denis Kenzior
2023-12-01 4:00 ` [PATCH 6/7] wsc: " Denis Kenzior
2023-12-01 4:00 ` [PATCH 7/7] netdev: Remove vendor_ies from netdev_connect signature Denis Kenzior
2023-12-01 12:42 ` [PATCH 1/7] handshake: Add cleanup function for handshake_state James Prestwood
2023-12-01 15:08 ` Denis Kenzior
2023-12-01 15:22 ` James Prestwood
2023-12-01 15:32 ` James Prestwood
2023-12-01 16:06 ` James Prestwood
2023-12-01 16:32 ` Denis Kenzior
2023-12-01 16:47 ` James Prestwood
2023-12-01 16:30 ` Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231201040020.161143-4-denkenz@gmail.com \
--to=denkenz@gmail.com \
--cc=iwd@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox