From b344d27c562779f41ea61f8113e6a958d421cabd Mon Sep 17 00:00:00 2001
From: Andrew Zaborowski <andrew.zaborowski@intel.com>
Date: Mon, 14 Aug 2017 14:49:21 +0200
Subject: [PATCH] ie: Fix Supported Rates length check

Supported Rates IEs can be 1-8 bytes, not only 8 byte long, according to
802.11-2012 8.4.2.3.
---
 src/ie.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ie.c b/src/ie.c
index e4955219..35dd412b 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -1325,7 +1325,7 @@ int ie_parse_supported_rates(struct ie_tlv_iter *iter,
 	len = ie_tlv_iter_get_length(iter);
 
 	if (ie_tlv_iter_get_tag(iter) == IE_TYPE_SUPPORTED_RATES &&
-			len != 8)
+			(len == 0 || len > 8))
 		return -EINVAL;
 
 	rates = ie_tlv_iter_get_data(iter);