netdev.vger.kernel.org archive mirror
From: Doug Brown <doug@schmorgal.com>
To: Kalle Valo <kvalo@kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>
Cc: Dan Williams <dcbw@redhat.com>,
	Simon Horman <simon.horman@corigine.com>,
	libertas-dev@lists.infradead.org, linux-wireless@vger.kernel.org,
	netdev@vger.kernel.org, Doug Brown <doug@schmorgal.com>
Subject: [PATCH v4 2/4] wifi: libertas: only add RSN/WPA IE in lbs_add_wpa_tlv
Date: Sun, 22 Jan 2023 21:31:30 -0800
Message-ID: <20230123053132.30710-3-doug@schmorgal.com>
In-Reply-To: <20230123053132.30710-1-doug@schmorgal.com>

The existing code only converts the first IE to a TLV, but it returns a
value that takes the length of all IEs into account. When there is more
than one IE (which happens with modern wpa_supplicant versions for
example), the returned length is too long and extra junk TLVs get sent
to the firmware, resulting in an association failure.

Fix this by finding the first RSN or WPA IE and only adding that. This
has the extra benefit of working properly if the RSN/WPA IE isn't the
first one in the IE buffer.

While we're at it, clean up the code to use the available structs like
the other lbs_add_* functions instead of directly manipulating the TLV
buffer.

Signed-off-by: Doug Brown <doug@schmorgal.com>
---
 drivers/net/wireless/marvell/libertas/cfg.c | 28 +++++++++++++--------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c
index 3e065cbb0af9..3f35dc7a1d7d 100644
--- a/drivers/net/wireless/marvell/libertas/cfg.c
+++ b/drivers/net/wireless/marvell/libertas/cfg.c
@@ -416,10 +416,20 @@ static int lbs_add_cf_param_tlv(u8 *tlv)
 
 static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len)
 {
-	size_t tlv_len;
+	struct mrvl_ie_data *wpatlv = (struct mrvl_ie_data *)tlv;
+	const struct element *wpaie;
+
+	/* Find the first RSN or WPA IE to use */
+	wpaie = cfg80211_find_elem(WLAN_EID_RSN, ie, ie_len);
+	if (!wpaie)
+		wpaie = cfg80211_find_vendor_elem(WLAN_OUI_MICROSOFT,
+						  WLAN_OUI_TYPE_MICROSOFT_WPA,
+						  ie, ie_len);
+	if (!wpaie || wpaie->datalen > 128)
+		return 0;
 
 	/*
-	 * We need just convert an IE to an TLV. IEs use u8 for the header,
+	 * Convert the found IE to a TLV. IEs use u8 for the header,
 	 *   u8      type
 	 *   u8      len
 	 *   u8[]    data
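Review bot: The `wpaie->datalen > 128` check uses a bare magic number with no indication of where the limit comes from. A named constant, or a short comment tying it to the space available in the destination TLV buffer, would let a reader confirm that the copy later in the function is bounded. The same branch returns 0 for both "no RSN/WPA IE present" and "IE too long", so an oversized IE is dropped without a trace; a debug message on the too-long path would make that case diagnosable. Minor: the comment says "Find the first RSN or WPA IE", but the code prefers RSN over WPA regardless of their order in the buffer, so "the RSN IE if present, otherwise the WPA IE" would be more exact.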
@@ -428,14 +438,12 @@ static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len)
 	 *   __le16  len
 	 *   u8[]    data
 	 */
-	*tlv++ = *ie++;
-	*tlv++ = 0;
-	tlv_len = *tlv++ = *ie++;
-	*tlv++ = 0;
-	while (tlv_len--)
-		*tlv++ = *ie++;
-	/* the TLV is two bytes larger than the IE */
-	return ie_len + 2;
+	wpatlv->header.type = cpu_to_le16(wpaie->id);
+	wpatlv->header.len = cpu_to_le16(wpaie->datalen);
+	memcpy(wpatlv->data, wpaie->data, wpaie->datalen);
+
+	/* Return the total number of bytes added to the TLV buffer */
+	return sizeof(struct mrvl_ie_header) + wpaie->datalen;
 }
 
 /*
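Review bot: The `memcpy(wpatlv->data, wpaie->data, wpaie->datalen)` has no destination bound of its own. The signature in the hunk header takes only `u8 *tlv`, so the copy depends entirely on the datalen check earlier in the function and on the caller having left enough room. Consider passing the remaining buffer space in and checking `sizeof(struct mrvl_ie_header) + wpaie->datalen` against it, or document the caller's guarantee next to the copy. It would also help to note in the function comment that the return value is now 0 when no usable IE is found, where the removed code always returned `ie_len + 2`.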
-- 
2.34.1
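The length mismatch described in the commit message, reproduced in user space as an added example (not part of the patch or the libertas driver). The helper names, the `room` parameter, `demo_buf` and the sample IE bytes are assumptions constructed for illustration; `find_ie` is a simplified stand-in for the kernel's element lookup helpers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* 128 is the data-length cap used in the patch; the rest are standard IE ids. */
enum { EID_RSN = 48, EID_VENDOR = 221, MAX_IE_DATA = 128 };
static const uint8_t WPA_OUI_TYPE[4] = { 0x00, 0x50, 0xf2, 0x01 };
/* Constructed sample: an Extended Capabilities IE followed by an RSN IE. */
static const uint8_t sample_ies[] = { 127, 2, 0x00, 0x01,
                                      48, 6, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04 };
static uint8_t demo_buf[64]; /* hypothetical destination TLV buffer */

/* Pre-patch logic: converts only the first IE but reports ie_len + 2. */
static size_t old_add_wpa_tlv(uint8_t *tlv, const uint8_t *ie, uint8_t ie_len)
{
    tlv[0] = ie[0]; tlv[1] = 0; tlv[2] = ie[1]; tlv[3] = 0; /* le16 type, le16 len */
    memcpy(tlv + 4, ie + 2, ie[1]);
    return (size_t)ie_len + 2;
}

/* Bounds-checked walk; returns the first RSN (or WPA vendor) IE, or NULL. */
static const uint8_t *find_ie(const uint8_t *ie, size_t len, int want_rsn)
{
    size_t off = 0;
    while (off + 2 <= len && off + 2 + ie[off + 1] <= len) {
        const uint8_t *e = ie + off;
        int wpa = e[0] == EID_VENDOR && e[1] >= 4 && !memcmp(e + 2, WPA_OUI_TYPE, 4);
        if (want_rsn ? e[0] == EID_RSN : wpa)
            return e;
        off += 2 + (size_t)e[1];
    }
    return NULL;
}

/* Post-patch behaviour, plus an explicit destination size (room, an assumption). */
static size_t new_add_wpa_tlv(uint8_t *tlv, size_t room, const uint8_t *ie, size_t len)
{
    const uint8_t *e = find_ie(ie, len, 1);
    if (!e)
        e = find_ie(ie, len, 0);
    if (!e || e[1] > MAX_IE_DATA || (size_t)e[1] + 4 > room)
        return 0;
    tlv[0] = e[0]; tlv[1] = 0; tlv[2] = e[1]; tlv[3] = 0;   /* le16 type, le16 len */
    memcpy(tlv + 4, e + 2, e[1]);
    return (size_t)e[1] + 4; /* header plus data actually written */
}

int main(void)
{
    printf("old claims %zu bytes\n", old_add_wpa_tlv(demo_buf, sample_ies, sizeof(sample_ies)));
    printf("new returns %zu bytes\n", new_add_wpa_tlv(demo_buf, sizeof(demo_buf), sample_ies, sizeof(sample_ies)));
}
```

On the sample buffer the old logic writes a 6-byte TLV for the wrong IE yet reports 14 bytes, which is how the extra junk reaches the firmware.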

