Simplify ERP element parsing
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the only allowed element length is one.
Signed-off-by: Jouni Malinen <j@w1.fi>
diff --git a/src/ap/ap_list.c b/src/ap/ap_list.c
index 8cccd83..47a2c4b 100644
--- a/src/ap/ap_list.c
+++ b/src/ap/ap_list.c
@@ -193,7 +193,7 @@
elems->supp_rates, elems->supp_rates_len,
elems->ext_supp_rates, elems->ext_supp_rates_len);
- if (elems->erp_info && elems->erp_info_len == 1)
+ if (elems->erp_info)
ap->erp = elems->erp_info[0];
else
ap->erp = -1;
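Review bot: The `if (elems->erp_info)` test now reads `erp_info[0]` on the strength of a length check that lives in another file, and nothing at this site records that dependency. A one-line comment such as `/* erp_info is only set by the parser when the element holds at least one octet */` would keep a later parser change from silently turning this into a read past the element. The enclosing function starts and ends outside the hunk.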
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 140f920..69ffa8f 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -223,8 +223,9 @@
elems->challenge_len = elen;
break;
case WLAN_EID_ERP_INFO:
+ if (elen < 1)
+ break;
elems->erp_info = pos;
- elems->erp_info_len = elen;
break;
case WLAN_EID_EXT_SUPP_RATES:
elems->ext_supp_rates = pos;
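Review bot: The new `if (elen < 1)` guard accepts any ERP element of one octet or more, while the commit message says the only allowed length is one and the check removed from src/ap/ap_list.c required `erp_info_len == 1`. An over-long ERP element in a received frame, which previously produced `ap->erp = -1`, is therefore now taken at its first octet. If strict validation is intended, use `if (elen != 1) break;`; if tolerating extra octets is deliberate, say so in a comment here and in the commit message. The switch continues outside the hunk, so any other users of `erp_info` that relied on the length field are not visible here.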
diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index 0a71bc8..ae99f7f 100644
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -52,7 +52,6 @@
u8 ssid_len;
u8 supp_rates_len;
u8 challenge_len;
- u8 erp_info_len;
u8 ext_supp_rates_len;
u8 wpa_ie_len;
u8 rsn_ie_len;