ext_capab/ext_capab_len don't include ID and Length so no extra
+2 offset should be used
Signed-off-by: Flavia Vanetti <flavia.vanetti@xxxxxxxxxxxx>
---
src/rsn_supp/tdls.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index e424168..f57311e 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -2878,14 +2878,14 @@ void wpa_tdls_disassoc(struct wpa_sm *sm)
static int wpa_tdls_prohibited(struct ieee802_11_elems *elems)
{
/* bit 38 - TDLS Prohibited */
- return !!(elems->ext_capab[2 + 4] & 0x40);
+ return !!(elems->ext_capab[4] & 0x40);
}
static int wpa_tdls_chan_switch_prohibited(struct ieee802_11_elems *elems)
{
/* bit 39 - TDLS Channel Switch Prohibited */
- return !!(elems->ext_capab[2 + 4] & 0x80);
+ return !!(elems->ext_capab[4] & 0x80);
}
@@ -2898,7 +2898,7 @@ void wpa_tdls_ap_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
if (ies == NULL ||
ieee802_11_parse_elems(ies, len, &elems, 0) == ParseFailed ||
- elems.ext_capab == NULL || elems.ext_capab_len < 2 + 5)
+ elems.ext_capab == NULL || elems.ext_capab_len < 5)
return;
sm->tdls_prohibited = wpa_tdls_prohibited(&elems);
@@ -2917,7 +2917,7 @@ void wpa_tdls_assoc_resp_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
if (ies == NULL ||
ieee802_11_parse_elems(ies, len, &elems, 0) == ParseFailed ||
- elems.ext_capab == NULL || elems.ext_capab_len < 2 + 5)
+ elems.ext_capab == NULL || elems.ext_capab_len < 5)
return;
if (!sm->tdls_prohibited && wpa_tdls_prohibited(&elems)) {
--
2.7.4
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
