> if (req->auth_data_len >= 4) { > - __le16 *pos = (__le16 *) req->auth_data; > - auth_data->sae_trans = le16_to_cpu(pos[0]); > - auth_data->sae_status = le16_to_cpu(pos[1]); > + if (req->auth_type == NL80211_AUTHTYPE_SAE) { > + __le16 *pos = (__le16 *) req->auth_data; > + auth_data->sae_trans = le16_to_cpu(pos[0]); > + auth_data->sae_status = le16_to_cpu(pos[1]); > + } > memcpy(auth_data->data, req->auth_data + 4, > req->auth_data_len - 4); > auth_data->data_len += req->auth_data_len - 4; Hmm. Do we really want to still skip the first four bytes of the data userspace passed? That seems a bit strange to me. The docs in nl80211.h do say it that way now, but should we really include a dummy Authentication transaction sequence number field? johannes
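Review bot: the memcpy from req->auth_data + 4 with length req->auth_data_len - 4 stays outside the new NL80211_AUTHTYPE_SAE check, so for every other auth type the first four bytes supplied by userspace are neither parsed nor copied, only discarded. Either apply the 4-byte offset inside the SAE branch and copy the whole buffer otherwise, or add a comment at the memcpy stating that non-SAE callers must still prefix four bytes that are ignored. In addition, when auth_type is not SAE this block no longer assigns auth_data->sae_trans and auth_data->sae_status, so it is worth confirming that both have a defined value on that path.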