Taking a brief look before lunch,

> if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) {
> const u8 *ht_oper_ie, *ht_cap_ie;
>
>
>
>
> - ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
> + ht_oper_ie = elems->ht_operation ?
> + ((const u8 *)elems->ht_operation) - 2 :
> + NULL;
> if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
> ht_oper = (void *)(ht_oper_ie + 2);

Can't we drop these checks, and simply do ht_oper = elems->ht_operation? After all, ieee802_11_parse_elems() should already be doing the necessary length checks? We just didn't have that with ieee80211_bss_get_ie().

> - ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
> + ht_cap_ie = elems->ht_cap_elem ?
> + ((const u8 *)elems->ht_cap_elem) - 2 :
> + NULL;
> if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
> ht_cap = (void *)(ht_cap_ie + 2);

Likewise for all the others.

johannes
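Review bot: in both hunks the `((const u8 *)elems->ht_operation) - 2` and `((const u8 *)elems->ht_cap_elem) - 2` expressions step back from the already-parsed element body to its two-byte header only so that the unchanged `ht_oper_ie[1] >= sizeof(*ht_oper)` / `ht_cap_ie[1] >= sizeof(*ht_cap)` lines can re-read the length byte and add the 2 back. If ieee802_11_parse_elems() only sets these pointers after validating the element length, as the reply above assumes, the intermediate header pointer and the repeated length check add nothing, and `ht_oper = elems->ht_operation;` / `ht_cap = elems->ht_cap_elem;` (with the now-unused `ht_oper_ie`/`ht_cap_ie` locals and their declaration removed) would be both shorter and free of the pointer arithmetic and `(void *)` cast that discard the `const`. If the parser does not guarantee the minimum length, the length check belongs in the parser rather than being reconstructed here from the header byte, so that every caller of the parsed pointers benefits from it.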