Commit b81d36cb authored by Jes Sorensen's avatar Jes Sorensen Committed by Greg Kroah-Hartman

staging: rtl8723au: issue_beacon23a(): Do not copy IEs in front of beacon data

Not sure how this happened, but one should never copy the IEs in front
of the beacon frame info. This could lead to some nasty corrupted
beacon frames hitting the wire if running AP mode - ouf!
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 0b46cfdd
...@@ -2434,7 +2434,29 @@ void issue_beacon23a(struct rtw_adapter *padapter, int timeout_ms) ...@@ -2434,7 +2434,29 @@ void issue_beacon23a(struct rtw_adapter *padapter, int timeout_ms)
pframe += sizeof(struct ieee80211_hdr_3addr); pframe += sizeof(struct ieee80211_hdr_3addr);
pattrib->pktlen = sizeof(struct ieee80211_hdr_3addr); pattrib->pktlen = sizeof(struct ieee80211_hdr_3addr);
if ((pmlmeinfo->state&0x03) == WIFI_FW_AP_STATE) { /* below for ad-hoc mode */
/* timestamp will be inserted by hardware */
pframe += 8;
pattrib->pktlen += 8;
/* beacon interval: 2 bytes */
memcpy(pframe, (unsigned char *)
rtw_get_beacon_interval23a_from_ie(cur_network->IEs), 2);
pframe += 2;
pattrib->pktlen += 2;
/* capability info: 2 bytes */
memcpy(pframe, (unsigned char *)
rtw_get_capability23a_from_ie(cur_network->IEs), 2);
pframe += 2;
pattrib->pktlen += 2;
if ((pmlmeinfo->state & 0x03) == WIFI_FW_AP_STATE) {
u8 *iebuf; u8 *iebuf;
int buflen; int buflen;
/* DBG_8723A("ie len =%d\n", cur_network->IELength); */ /* DBG_8723A("ie len =%d\n", cur_network->IELength); */
...@@ -2468,28 +2490,6 @@ void issue_beacon23a(struct rtw_adapter *padapter, int timeout_ms) ...@@ -2468,28 +2490,6 @@ void issue_beacon23a(struct rtw_adapter *padapter, int timeout_ms)
goto _issue_bcn; goto _issue_bcn;
} }
/* below for ad-hoc mode */
/* timestamp will be inserted by hardware */
pframe += 8;
pattrib->pktlen += 8;
/* beacon interval: 2 bytes */
memcpy(pframe, (unsigned char *)
rtw_get_beacon_interval23a_from_ie(cur_network->IEs), 2);
pframe += 2;
pattrib->pktlen += 2;
/* capability info: 2 bytes */
memcpy(pframe, (unsigned char *)
rtw_get_capability23a_from_ie(cur_network->IEs), 2);
pframe += 2;
pattrib->pktlen += 2;
/* SSID */ /* SSID */
pframe = rtw_set_ie23a(pframe, WLAN_EID_SSID, pframe = rtw_set_ie23a(pframe, WLAN_EID_SSID,
cur_network->Ssid.ssid_len, cur_network->Ssid.ssid_len,
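Review bot: The two `memcpy(pframe, ..., 2)` calls that now sit ahead of the `WIFI_FW_AP_STATE` test in the first hunk read from pointers derived from `cur_network->IEs`, and nothing visible in that hunk compares `cur_network->IELength` with the offsets those helpers use. If the stored IE buffer can be shorter than the fixed fields, the copies would presumably read past its end, and after this move the result goes into beacons sent in AP mode as well as ad-hoc. issue_beacon23a() starts and ends outside the hunk, so the length may already be validated earlier; if it is not, a check on `cur_network->IELength` belongs before the first copy, leaving through whatever cleanup path the function already uses rather than a bare return. Either way a comment such as `/* fixed fields are read from cur_network->IEs; IELength must cover them */` would record the assumption. The bare `8` and `2` would also read better as named constants shared with the IE helpers.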