mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-21 20:12:37 +01:00
ie: Fix up broken Access Point with too many rates added
According to the specification, Supported rates IE is supposed to have a maximum length of eight rate bytes. In the wild an Access Point is found to add 12 bytes of data instead of placing excess rate bytes in an Extended Rates IE. BSS: len 480 BSSID 44:39:C4:XX:XX:XX Probe Response: true TSF: 0 (0x0000000000000000) IEs: len 188 ... Supported rates: 1.0(B) 2.0(B) 5.5(B) 6.0(B) 9.0 11.0(B) 12.0(B) 18.0 Mbit/s 24.0(B) 36.0 48.0 54.0 Mbit/s 82 84 8b 8c 12 96 98 24 b0 48 60 6c .......$.H`l DSSS parameter set: channel 3 03 ... Any following IEs decode nicely, thus it seems that we can relax Supported Rates IE length handling to support this thermostat.
This commit is contained in:
parent
c68ae2f00b
commit
7ec8fd6776
3
src/ie.c
3
src/ie.c
@ -1371,8 +1371,7 @@ int ie_parse_supported_rates(struct ie_tlv_iter *iter,
|
||||
|
||||
len = ie_tlv_iter_get_length(iter);
|
||||
|
||||
if (ie_tlv_iter_get_tag(iter) == IE_TYPE_SUPPORTED_RATES &&
|
||||
(len == 0 || len > 8))
|
||||
if (ie_tlv_iter_get_tag(iter) == IE_TYPE_SUPPORTED_RATES && len == 0)
|
||||
return -EINVAL;
|
||||
|
||||
rates = ie_tlv_iter_get_data(iter);
|
||||
|
Loading…
Reference in New Issue
Block a user