[PATCH 4.4] mwifiex: fix 802.11n/WPA detection

[PATCH 4.4] mwifiex: fix 802.11n/WPA detection

[Brian Norris]

[ Upstream commit df612421fe2566654047769c6852ffae1a31df16 ]

Commit 63d7ef36103d ("mwifiex: Don't abort on small, spec-compliant
vendor IEs") adjusted the ieee_types_vendor_header struct, which
inadvertently messed up the offsets used in
mwifiex_is_wpa_oui_present(). Add that offset back in, mirroring
mwifiex_is_rsn_oui_present().

As it stands, commit 63d7ef36103d breaks compatibility with WPA (not
WPA2) 802.11n networks, since we hit the "info: Disable 11n if AES is
not supported by AP" case in mwifiex_is_network_compatible().

Fixes: 63d7ef36103d ("mwifiex: Don't abort on small, spec-compliant vendor IEs")
Cc: <stable@vger.kernel.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
---
 drivers/net/wireless/mwifiex/main.h | 1 +
 drivers/net/wireless/mwifiex/scan.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h
index 3959f1c97f4e..466ea4e551a6 100644
--- a/drivers/net/wireless/mwifiex/main.h
+++ b/drivers/net/wireless/mwifiex/main.h
@@ -108,6 +108,7 @@ enum {
 
 #define MWIFIEX_MAX_TOTAL_SCAN_TIME	(MWIFIEX_TIMER_10S - MWIFIEX_TIMER_1S)
 
+#define WPA_GTK_OUI_OFFSET				2
 #define RSN_GTK_OUI_OFFSET				2
 
 #define MWIFIEX_OUI_NOT_PRESENT			0
diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c
index 673ca812bd4c..b3fa3e4bed05 100644
--- a/drivers/net/wireless/mwifiex/scan.c
+++ b/drivers/net/wireless/mwifiex/scan.c
@@ -151,7 +151,8 @@ mwifiex_is_wpa_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
 	if (((bss_desc->bcn_wpa_ie) &&
 	     ((*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id ==
 	      WLAN_EID_VENDOR_SPECIFIC))) {
-		iebody = (struct ie_body *) bss_desc->bcn_wpa_ie->data;
+		iebody = (struct ie_body *)((u8 *)bss_desc->bcn_wpa_ie->data +
+					    WPA_GTK_OUI_OFFSET);
 		oui = &mwifiex_wpa_oui[cipher][0];
 		ret = mwifiex_search_oui_in_ie(iebody, oui);
 		if (ret)
-- 
2.23.0.rc1.153.gdeed80330f-goog

Re: [PATCH 4.4] mwifiex: fix 802.11n/WPA detection

[Greg KH]

On Wed, Aug 14, 2019 at 09:59:14AM -0700, Brian Norris wrote:
> [ Upstream commit df612421fe2566654047769c6852ffae1a31df16 ]
> 
> Commit 63d7ef36103d ("mwifiex: Don't abort on small, spec-compliant
> vendor IEs") adjusted the ieee_types_vendor_header struct, which
> inadvertently messed up the offsets used in
> mwifiex_is_wpa_oui_present(). Add that offset back in, mirroring
> mwifiex_is_rsn_oui_present().
> 
> As it stands, commit 63d7ef36103d breaks compatibility with WPA (not
> WPA2) 802.11n networks, since we hit the "info: Disable 11n if AES is
> not supported by AP" case in mwifiex_is_network_compatible().
> 
> Fixes: 63d7ef36103d ("mwifiex: Don't abort on small, spec-compliant vendor IEs")
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
> ---
>  drivers/net/wireless/mwifiex/main.h | 1 +
>  drivers/net/wireless/mwifiex/scan.c | 3 ++-
>  2 files changed, 3 insertions(+), 1 deletion(-)

Now queued up, thanks for the backport.

greg k-h