diff --git a/README.md b/README.md index 8493271..2c275b6 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # REALTEK RTL88x2B USB Linux Driver -**Current Driver Version**: 5.13.1 +**Current Driver Version**: 5.13.1-30 **Support Kernel**: 2.6.24 ~ 6.7 (with unofficial patches) Linux in-tree rtw8822bu driver is working in process, check [this](https://lore.kernel.org/lkml/20220518082318.3898514-1-s.hauer@pengutronix.de/) patchset. diff --git a/ReleaseNotes.pdf b/ReleaseNotes.pdf index dc05dd7..caf2082 100644 Binary files a/ReleaseNotes.pdf and b/ReleaseNotes.pdf differ diff --git a/core/efuse/rtw_efuse.c b/core/efuse/rtw_efuse.c index baaf49d..ff699f0 100644 --- a/core/efuse/rtw_efuse.c +++ b/core/efuse/rtw_efuse.c @@ -968,12 +968,12 @@ void rtw_efuse_analyze(PADAPTER padapter, u8 Type, u8 Fake) j = 0; for (i = 0; i < mapLen; i++) { - if (i % 16 == 0) { + if (i % 16 == 0) RTW_PRINT_SEL(RTW_DBGDUMP, "0x%03x: ", i); - } - _RTW_PRINT_SEL(RTW_DBGDUMP, "%02X%s" - , pEfuseHal->fakeEfuseInitMap[i] - , ((i + 1) % 16 == 0) ? "\n" : (((i + 1) % 8 == 0) ? " " : " ")); + _RTW_PRINT_SEL(RTW_DBGDUMP, "%02X%s" + , pEfuseHal->fakeEfuseInitMap[i] + , ((i + 1) % 16 == 0) ? "\n" : (((i + 1) % 8 == 0) ? " " : " ") + ); } _RTW_PRINT_SEL(RTW_DBGDUMP, "\n"); diff --git a/core/rtw_ap.c b/core/rtw_ap.c old mode 100644 new mode 100755 index ec72564..da3db56 --- a/core/rtw_ap.c +++ b/core/rtw_ap.c @@ -2227,11 +2227,7 @@ int rtw_check_beacon_data(_adapter *padapter, u8 *pbuf, int len) } psecuritypriv->mfp_opt = mfp_opt; -#ifdef CONFIG_RTW_80211K - /* RRM */ - update_rm_cap(pbuf, padapter, len, _BEACON_IE_OFFSET_); - -#endif /* CONFIG_RTW_80211K */ + rm_update_cap(pbuf, padapter, len, _BEACON_IE_OFFSET_); /* wmm */ ie_len = 0; diff --git a/core/rtw_ieee80211.c b/core/rtw_ieee80211.c old mode 100644 new mode 100755 index d9bf9cb..d7776a8 --- a/core/rtw_ieee80211.c +++ b/core/rtw_ieee80211.c @@ -1273,6 +1273,7 @@ u8 *rtw_get_wps_attr(u8 *wps_ie, uint wps_ielen, u16 target_attr_id , u8 *buf_at * @wps_ielen: Length limit from wps_ie * @target_attr_id: The attribute ID of WPS attribute to search * @buf_content: If not NULL and the WPS attribute is found, WPS attribute content will be copied to the buf starting from buf_content + * If len_content is NULL, only copy one byte. * @len_content: If not NULL and the WPS attribute is found, will set to the length of the WPS attribute content * * Returns: the address of the specific WPS attribute content found, or NULL @@ -1282,21 +1283,26 @@ u8 *rtw_get_wps_attr_content(u8 *wps_ie, uint wps_ielen, u16 target_attr_id , u8 u8 *attr_ptr; u32 attr_len; - if (len_content) - *len_content = 0; - attr_ptr = rtw_get_wps_attr(wps_ie, wps_ielen, target_attr_id, NULL, &attr_len); if (attr_ptr && attr_len) { - if (buf_content) - _rtw_memcpy(buf_content, attr_ptr + 4, attr_len - 4); + if (len_content) { + if ((buf_content && (*len_content > (attr_len - 4))) || !buf_content) + *len_content = attr_len - 4; + } - if (len_content) - *len_content = attr_len - 4; + if (len_content && buf_content) { + _rtw_memcpy(buf_content, attr_ptr + 4, *len_content); + } else if (buf_content) { + _rtw_memcpy(buf_content, attr_ptr + 4, 1); + } return attr_ptr + 4; } + if (len_content) + *len_content = 0; + return NULL; } @@ -2316,6 +2322,7 @@ u8 *rtw_get_p2p_attr(u8 *p2p_ie, uint p2p_ielen, u8 target_attr_id , u8 *buf_att * @p2p_ielen: Length limit from p2p_ie * @target_attr_id: The attribute ID of P2P attribute to search * @buf_content: If not NULL and the P2P attribute is found, P2P attribute content will be copied to the buf starting from buf_content + * If len_content is NULL, only copy one byte. * @len_content: If not NULL and the P2P attribute is found, will set to the length of the P2P attribute content * * Returns: the address of the specific P2P attribute content found, or NULL @@ -2325,21 +2332,26 @@ u8 *rtw_get_p2p_attr_content(u8 *p2p_ie, uint p2p_ielen, u8 target_attr_id , u8 u8 *attr_ptr; u32 attr_len; - if (len_content) - *len_content = 0; - attr_ptr = rtw_get_p2p_attr(p2p_ie, p2p_ielen, target_attr_id, NULL, &attr_len); if (attr_ptr && attr_len) { - if (buf_content) - _rtw_memcpy(buf_content, attr_ptr + 3, attr_len - 3); + if (len_content) { + if ((buf_content && (*len_content > (attr_len - 3))) || !buf_content) + *len_content = attr_len - 3; + } - if (len_content) - *len_content = attr_len - 3; + if (len_content && buf_content) { + _rtw_memcpy(buf_content, attr_ptr + 3, *len_content); + } else if (buf_content) { + _rtw_memcpy(buf_content, attr_ptr + 3, 1); + } return attr_ptr + 3; } + if (len_content) + *len_content = 0; + return NULL; } diff --git a/core/rtw_mlme.c b/core/rtw_mlme.c old mode 100644 new mode 100755 index 024c144..86aaffb --- a/core/rtw_mlme.c +++ b/core/rtw_mlme.c @@ -5004,6 +5004,15 @@ sint rtw_restruct_sec_ie(_adapter *adapter, u8 *out_ie) ielength = rtw_rsn_sync_pmkid(adapter, out_ie, ielength, iEntry); } + if ((psecuritypriv->auth_type == MLME_AUTHTYPE_SAE) && + (psecuritypriv->rsnx_ie_len >= 3)) { + u8 *_pos = out_ie + (psecuritypriv->supplicant_ie[1] + 2); + _rtw_memcpy(_pos, psecuritypriv->rsnx_ie, + psecuritypriv->rsnx_ie_len); + ielength += psecuritypriv->rsnx_ie_len; + RTW_INFO_DUMP("update IE for RSNX :", out_ie, ielength); + } + return ielength; } diff --git a/core/rtw_mlme_ext.c b/core/rtw_mlme_ext.c old mode 100644 new mode 100755 index f9e046e..8da68a4 --- a/core/rtw_mlme_ext.c +++ b/core/rtw_mlme_ext.c @@ -2797,6 +2797,10 @@ normal: goto authclnt_fail; } + if (len > sizeof(pmlmeinfo->chg_txt)) { + goto authclnt_fail; + } + _rtw_memcpy((void *)(pmlmeinfo->chg_txt), (void *)(p + 2), len); pmlmeinfo->auth_seq = 3; issue_auth(padapter, NULL, 0); @@ -4698,6 +4702,7 @@ void issue_p2p_GO_response(_adapter *padapter, u8 *raddr, u8 *frame_body, uint l /* Try to get the device password ID from the WPS IE of group negotiation request frame */ /* WiFi Direct test plan 5.1.15 */ rtw_get_wps_ie(frame_body + _PUBLIC_ACTION_IE_OFFSET_, len - _PUBLIC_ACTION_IE_OFFSET_, wpsie, &wpsielen); + wps_devicepassword_id_len = sizeof(wps_devicepassword_id); rtw_get_wps_attr_content(wpsie, wpsielen, WPS_ATTR_DEVICE_PWID, (u8 *) &wps_devicepassword_id, &wps_devicepassword_id_len); wps_devicepassword_id = be16_to_cpu(wps_devicepassword_id); @@ -6799,9 +6804,11 @@ unsigned int on_action_public_p2p(union recv_frame *precv_frame) merged_p2p_ielen = rtw_p2p_merge_ies(frame_body + _PUBLIC_ACTION_IE_OFFSET_, len - _PUBLIC_ACTION_IE_OFFSET_, merged_p2pie); + attr_contentlen = sizeof(invitation_flag); rtw_get_p2p_attr_content(merged_p2pie, merged_p2p_ielen, P2P_ATTR_INVITATION_FLAGS, &invitation_flag, &attr_contentlen); if (attr_contentlen) { + attr_contentlen = sizeof(pwdinfo->p2p_peer_interface_addr); rtw_get_p2p_attr_content(merged_p2pie, merged_p2p_ielen, P2P_ATTR_GROUP_BSSID, pwdinfo->p2p_peer_interface_addr, &attr_contentlen); /* Commented by Albert 20120510 */ /* Copy to the pwdinfo->p2p_peer_interface_addr. */ @@ -6820,6 +6827,7 @@ unsigned int on_action_public_p2p(union recv_frame *precv_frame) /* Re-invoke the persistent group. */ _rtw_memset(&group_id, 0x00, sizeof(struct group_id_info)); + attr_contentlen = sizeof(struct group_id_info); rtw_get_p2p_attr_content(merged_p2pie, merged_p2p_ielen, P2P_ATTR_GROUP_ID, (u8 *) &group_id, &attr_contentlen); if (attr_contentlen) { if (_rtw_memcmp(group_id.go_device_addr, adapter_mac_addr(padapter), ETH_ALEN)) { @@ -6831,6 +6839,7 @@ unsigned int on_action_public_p2p(union recv_frame *precv_frame) /* The p2p device sending this p2p invitation request wants to be the persistent GO. */ if (is_matched_in_profilelist(pwdinfo->p2p_peer_interface_addr, &pwdinfo->profileinfo[0])) { u8 operatingch_info[5] = { 0x00 }; + attr_contentlen = sizeof(operatingch_info); if (rtw_get_p2p_attr_content(merged_p2pie, merged_p2p_ielen, P2P_ATTR_OPERATING_CH, operatingch_info, &attr_contentlen)) { if (rtw_chset_search_ch(adapter_to_chset(padapter), (u32)operatingch_info[4]) >= 0) { @@ -6874,6 +6883,7 @@ unsigned int on_action_public_p2p(union recv_frame *precv_frame) /* Received the invitation to join a P2P group. */ _rtw_memset(&group_id, 0x00, sizeof(struct group_id_info)); + attr_contentlen = sizeof(struct group_id_info); rtw_get_p2p_attr_content(merged_p2pie, merged_p2p_ielen, P2P_ATTR_GROUP_ID, (u8 *) &group_id, &attr_contentlen); if (attr_contentlen) { if (_rtw_memcmp(group_id.go_device_addr, adapter_mac_addr(padapter), ETH_ALEN)) { @@ -6918,6 +6928,7 @@ unsigned int on_action_public_p2p(union recv_frame *precv_frame) _cancel_timer_ex(&pwdinfo->restore_p2p_state_timer); p2p_ie = rtw_get_p2p_ie(frame_body + _PUBLIC_ACTION_IE_OFFSET_, len - _PUBLIC_ACTION_IE_OFFSET_, NULL, &p2p_ielen); if (p2p_ie) { + attr_contentlen = sizeof(attr_content); rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_STATUS, &attr_content, &attr_contentlen); if (attr_contentlen == 1) { @@ -8900,6 +8911,7 @@ void issue_asocrsp(_adapter *padapter, unsigned short status, struct sta_info *p struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info); WLAN_BSSID_EX *pnetwork = &(pmlmeinfo->network); u8 *ie = pnetwork->IEs, cap[5], i; + struct security_priv *psecuritypriv = &(padapter->securitypriv); #ifdef CONFIG_P2P struct wifidirect_info *pwdinfo = &(padapter->wdinfo); #ifdef CONFIG_WFD @@ -9083,6 +9095,14 @@ void issue_asocrsp(_adapter *padapter, unsigned short status, struct sta_info *p pattrib->pktlen += pmlmepriv->wps_assoc_resp_ie_len; } + + if ((psecuritypriv->auth_type == MLME_AUTHTYPE_SAE) && + pmlmepriv->assoc_rsp && pmlmepriv->assoc_rsp_len > 0) { + _rtw_memcpy(pframe, pmlmepriv->assoc_rsp, pmlmepriv->assoc_rsp_len); + pframe += pmlmepriv->assoc_rsp_len; + pattrib->pktlen += pmlmepriv->assoc_rsp_len; + } + #ifdef CONFIG_P2P if (rtw_p2p_chk_role(pwdinfo, P2P_ROLE_GO) && (pstat->is_p2p_device == _TRUE)) { u32 len; @@ -9411,6 +9431,10 @@ void _issue_assocreq(_adapter *padapter, u8 is_reassoc) /*rtw_set_spp_amsdu_mode(padapter->registrypriv.amsdu_mode, pframe - (pIE->Length + 2), pIE->Length +2);*/ } break; + case WLAN_EID_RSNX: + pframe = rtw_set_ie(pframe, WLAN_EID_RSNX, pIE->Length, + pIE->data, &(pattrib->pktlen)); + break; #ifdef CONFIG_80211N_HT case EID_HTCapability: if (padapter->mlmepriv.htpriv.ht_option == _TRUE) { @@ -11273,6 +11297,7 @@ u8 collect_bss_info(_adapter *padapter, union recv_frame *precv_frame, WLAN_BSSI u32 attr_contentlen = 0; u8 listen_ch[5] = { 0x00 }; + attr_contentlen = sizeof(listen_ch); rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_LISTEN_CH, listen_ch, &attr_contentlen); bssid->Configuration.DSConfig = listen_ch[4]; } else { @@ -11404,7 +11429,8 @@ u8 collect_bss_info(_adapter *padapter, union recv_frame *precv_frame, WLAN_BSSI #ifdef CONFIG_RTW_80211K p = rtw_get_ie(bssid->IEs + ie_offset, _EID_RRM_EN_CAP_IE_, &len, bssid->IELength - ie_offset); if (p) - _rtw_memcpy(bssid->PhyInfo.rm_en_cap, (p + 2), *(p + 1)); + _rtw_memcpy(bssid->PhyInfo.rm_en_cap, (p + 2), MIN(*(p + 1), + sizeof(bssid->PhyInfo.rm_en_cap))); /* save freerun counter */ bssid->PhyInfo.free_cnt = precv_frame->u.hdr.attrib.free_cnt; diff --git a/core/rtw_p2p.c b/core/rtw_p2p.c index 24372de..61eba1d 100644 --- a/core/rtw_p2p.c +++ b/core/rtw_p2p.c @@ -2287,6 +2287,7 @@ u32 process_assoc_req_p2p_ie(struct wifidirect_info *pwdinfo, u8 *pframe, uint l while (p2p_ie) { /* Check P2P Capability ATTR */ + attr_contentlen = sizeof(cap_attr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_CAPABILITY, (u8 *)&cap_attr, (uint *) &attr_contentlen)) { RTW_INFO("[%s] Got P2P Capability Attr!!\n", __FUNCTION__); cap_attr = le16_to_cpu(cap_attr); @@ -2304,7 +2305,6 @@ u32 process_assoc_req_p2p_ie(struct wifidirect_info *pwdinfo, u8 *pframe, uint l u8 num_of_secdev_type; u16 dev_name_len; - rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_DEVICE_INFO , pattr_content, (uint *)&attr_contentlen); _rtw_memcpy(psta->dev_addr, pattr_content, ETH_ALEN);/* P2P Device Address */ @@ -2384,10 +2384,11 @@ u32 process_p2p_devdisc_req(struct wifidirect_info *pwdinfo, u8 *pframe, uint le u8 dev_addr[ETH_ALEN] = { 0x00 }; u32 attr_contentlen = 0; + attr_contentlen = sizeof(groupid); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_GROUP_ID, groupid, &attr_contentlen)) { if (_rtw_memcmp(pwdinfo->device_addr, groupid, ETH_ALEN) && _rtw_memcmp(pwdinfo->p2p_group_ssid, groupid + ETH_ALEN, pwdinfo->p2p_group_ssid_len)) { - attr_contentlen = 0; + attr_contentlen = sizeof(dev_addr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_DEVICE_ID, dev_addr, &attr_contentlen)) { _irqL irqL; _list *phead, *plist; @@ -2455,6 +2456,7 @@ u8 process_p2p_provdisc_req(struct wifidirect_info *pwdinfo, u8 *pframe, uint l wpsie = rtw_get_wps_ie(frame_body + _PUBLIC_ACTION_IE_OFFSET_, len - _PUBLIC_ACTION_IE_OFFSET_, NULL, &wps_ielen); if (wpsie) { + attr_contentlen = sizeof(uconfig_method); if (rtw_get_wps_attr_content(wpsie, wps_ielen, WPS_ATTR_CONF_METHOD , (u8 *) &uconfig_method, &attr_contentlen)) { uconfig_method = be16_to_cpu(uconfig_method); switch (uconfig_method) { @@ -2552,6 +2554,7 @@ u8 process_p2p_group_negotation_req(struct wifidirect_info *pwdinfo, u8 *pframe, /* If some device wants to do p2p handshake without sending prov_disc_req */ /* We have to get peer_req_cm from here. */ if (_rtw_memcmp(pwdinfo->rx_prov_disc_info.strconfig_method_desc_of_prov_disc_req, "000", 3)) { + wps_devicepassword_id_len = sizeof(wps_devicepassword_id); rtw_get_wps_attr_content(wpsie, wps_ielen, WPS_ATTR_DEVICE_PWID, (u8 *) &wps_devicepassword_id, &wps_devicepassword_id_len); wps_devicepassword_id = be16_to_cpu(wps_devicepassword_id); @@ -2595,6 +2598,7 @@ u8 process_p2p_group_negotation_req(struct wifidirect_info *pwdinfo, u8 *pframe, rtw_p2p_set_state(pwdinfo, P2P_STATE_GONEGO_ING); /* Check P2P Capability ATTR */ + attr_contentlen = sizeof(cap_attr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_CAPABILITY, (u8 *)&cap_attr, (uint *)&attr_contentlen)) { cap_attr = le16_to_cpu(cap_attr); @@ -2604,6 +2608,7 @@ u8 process_p2p_group_negotation_req(struct wifidirect_info *pwdinfo, u8 *pframe, #endif /* defined(CONFIG_WFD) && defined(CONFIG_TDLS) */ } + attr_contentlen = sizeof(attr_content); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_GO_INTENT , &attr_content, &attr_contentlen)) { RTW_INFO("[%s] GO Intent = %d, tie = %d\n", __FUNCTION__, attr_content >> 1, attr_content & 0x01); pwdinfo->peer_intent = attr_content; /* include both intent and tie breaker values. */ @@ -2631,17 +2636,19 @@ u8 process_p2p_group_negotation_req(struct wifidirect_info *pwdinfo, u8 *pframe, } } + attr_contentlen = sizeof(listen_ch_attr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_LISTEN_CH, (u8 *)listen_ch_attr, (uint *) &attr_contentlen) && attr_contentlen == 5) pwdinfo->nego_req_info.peer_ch = listen_ch_attr[4]; RTW_INFO(FUNC_ADPT_FMT" listen channel :%u\n", FUNC_ADPT_ARG(padapter), pwdinfo->nego_req_info.peer_ch); - attr_contentlen = 0; + attr_contentlen = sizeof(pwdinfo->p2p_peer_interface_addr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_INTENDED_IF_ADDR, pwdinfo->p2p_peer_interface_addr, &attr_contentlen)) { if (attr_contentlen != ETH_ALEN) _rtw_memset(pwdinfo->p2p_peer_interface_addr, 0x00, ETH_ALEN); } + ch_cnt = sizeof(ch_content); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_CH_LIST, ch_content, &ch_cnt)) { peer_ch_num = rtw_p2p_get_peer_ch_list(pwdinfo, ch_content, ch_cnt, peer_ch_list); ch_num_inclusioned = rtw_p2p_ch_inclusion(padapter, peer_ch_list, peer_ch_num, ch_list_inclusioned); @@ -2667,8 +2674,8 @@ u8 process_p2p_group_negotation_req(struct wifidirect_info *pwdinfo, u8 *pframe, #endif /* CONFIG_CONCURRENT_MODE */ { u8 operatingch_info[5] = { 0x00 }, peer_operating_ch = 0; - attr_contentlen = 0; + attr_contentlen = sizeof(operatingch_info); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_OPERATING_CH, operatingch_info, &attr_contentlen)) peer_operating_ch = operatingch_info[4]; @@ -2754,6 +2761,7 @@ u8 process_p2p_group_negotation_resp(struct wifidirect_info *pwdinfo, u8 *pframe while (p2p_ie) { /* Found the P2P IE. */ /* Check P2P Capability ATTR */ + attr_contentlen = sizeof(cap_attr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_CAPABILITY, (u8 *)&cap_attr, (uint *)&attr_contentlen)) { cap_attr = le16_to_cpu(cap_attr); #ifdef CONFIG_TDLS @@ -2762,6 +2770,7 @@ u8 process_p2p_group_negotation_resp(struct wifidirect_info *pwdinfo, u8 *pframe #endif /* CONFIG_TDLS */ } + attr_contentlen = sizeof(attr_content); rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_STATUS, &attr_content, &attr_contentlen); if (attr_contentlen == 1) { RTW_INFO("[%s] Status = %d\n", __FUNCTION__, attr_content); @@ -2779,7 +2788,7 @@ u8 process_p2p_group_negotation_resp(struct wifidirect_info *pwdinfo, u8 *pframe } /* Try to get the peer's interface address */ - attr_contentlen = 0; + attr_contentlen = sizeof(pwdinfo->p2p_peer_interface_addr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_INTENDED_IF_ADDR, pwdinfo->p2p_peer_interface_addr, &attr_contentlen)) { if (attr_contentlen != ETH_ALEN) _rtw_memset(pwdinfo->p2p_peer_interface_addr, 0x00, ETH_ALEN); @@ -2787,7 +2796,7 @@ u8 process_p2p_group_negotation_resp(struct wifidirect_info *pwdinfo, u8 *pframe /* Try to get the peer's intent and tie breaker value. */ attr_content = 0x00; - attr_contentlen = 0; + attr_contentlen = sizeof(attr_content); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_GO_INTENT , &attr_content, &attr_contentlen)) { RTW_INFO("[%s] GO Intent = %d, tie = %d\n", __FUNCTION__, attr_content >> 1, attr_content & 0x01); pwdinfo->peer_intent = attr_content; /* include both intent and tie breaker values. */ @@ -2826,13 +2835,14 @@ u8 process_p2p_group_negotation_resp(struct wifidirect_info *pwdinfo, u8 *pframe /* Try to get the operation channel information */ - attr_contentlen = 0; + attr_contentlen = sizeof(operatingch_info); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_OPERATING_CH, operatingch_info, &attr_contentlen)) { RTW_INFO("[%s] Peer's operating channel = %d\n", __FUNCTION__, operatingch_info[4]); pwdinfo->peer_operating_ch = operatingch_info[4]; } /* Try to get the channel list information */ + pwdinfo->channel_list_attr_len = sizeof(pwdinfo->channel_list_attr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_CH_LIST, pwdinfo->channel_list_attr, &pwdinfo->channel_list_attr_len)) { RTW_INFO("[%s] channel list attribute found, len = %d\n", __FUNCTION__, pwdinfo->channel_list_attr_len); @@ -2860,7 +2870,7 @@ u8 process_p2p_group_negotation_resp(struct wifidirect_info *pwdinfo, u8 *pframe #endif /* CONFIG_CONCURRENT_MODE */ { u8 operatingch_info[5] = { 0x00 }, peer_operating_ch = 0; - attr_contentlen = 0; + attr_contentlen = sizeof(operatingch_info); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_OPERATING_CH, operatingch_info, &attr_contentlen)) peer_operating_ch = operatingch_info[4]; @@ -2886,8 +2896,8 @@ u8 process_p2p_group_negotation_resp(struct wifidirect_info *pwdinfo, u8 *pframe RTW_INFO("[%s] channel list attribute not found!\n", __FUNCTION__); /* Try to get the group id information if peer is GO */ - attr_contentlen = 0; _rtw_memset(groupid, 0x00, 38); + attr_contentlen = sizeof(groupid); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_GROUP_ID, groupid, &attr_contentlen)) { _rtw_memcpy(pwdinfo->groupid_info.go_device_addr, &groupid[0], ETH_ALEN); _rtw_memcpy(pwdinfo->groupid_info.ssid, &groupid[6], attr_contentlen - ETH_ALEN); @@ -2928,6 +2938,7 @@ u8 process_p2p_group_negotation_confirm(struct wifidirect_info *pwdinfo, u8 *pfr u32 attr_contentlen = 0; pwdinfo->negotiation_dialog_token = 1; + attr_contentlen = sizeof(attr_content); rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_STATUS, &attr_content, &attr_contentlen); if (attr_contentlen == 1) { RTW_INFO("[%s] Status = %d\n", __FUNCTION__, attr_content); @@ -2968,15 +2979,15 @@ u8 process_p2p_group_negotation_confirm(struct wifidirect_info *pwdinfo, u8 *pfr } /* Try to get the group id information */ - attr_contentlen = 0; _rtw_memset(groupid, 0x00, 38); + attr_contentlen = sizeof(groupid); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_GROUP_ID, groupid, &attr_contentlen)) { RTW_INFO("[%s] Ssid = %s, ssidlen = %zu\n", __FUNCTION__, &groupid[ETH_ALEN], strlen(&groupid[ETH_ALEN])); _rtw_memcpy(pwdinfo->groupid_info.go_device_addr, &groupid[0], ETH_ALEN); _rtw_memcpy(pwdinfo->groupid_info.ssid, &groupid[6], attr_contentlen - ETH_ALEN); } - attr_contentlen = 0; + attr_contentlen = sizeof(operatingch_info); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_OPERATING_CH, operatingch_info, &attr_contentlen)) { RTW_INFO("[%s] Peer's operating channel = %d\n", __FUNCTION__, operatingch_info[4]); pwdinfo->peer_operating_ch = operatingch_info[4]; @@ -4015,6 +4026,7 @@ int process_p2p_cross_connect_ie(PADAPTER padapter, u8 *IEs, u32 IELength) while (p2p_ie) { /* Get P2P Manageability IE. */ + attr_contentlen = sizeof(p2p_attr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_MANAGEABILITY, p2p_attr, &attr_contentlen)) { if ((p2p_attr[0] & (BIT(0) | BIT(1))) == 0x01) ret = _FALSE; diff --git a/core/rtw_recv.c b/core/rtw_recv.c old mode 100644 new mode 100755 index db070f8..14a039d --- a/core/rtw_recv.c +++ b/core/rtw_recv.c @@ -2729,8 +2729,6 @@ union recv_frame *recvframe_defrag(_adapter *adapter, _queue *defrag_q) return NULL; } - curfragnum++; - /* copy the 2nd~n fragment frame's payload to the first fragment */ /* get the 2nd~last fragment frame's payload */ @@ -2738,6 +2736,15 @@ union recv_frame *recvframe_defrag(_adapter *adapter, _queue *defrag_q) recvframe_pull(pnextrframe, wlanhdr_offset); + if ((pfhdr->rx_end - pfhdr->rx_tail) < pnfhdr->len) { + RTW_INFO("Not enough buffer space, drop fragmented frame!\n"); + rtw_free_recvframe(prframe, pfree_recv_queue); + rtw_free_recvframe_queue(defrag_q, pfree_recv_queue); + return NULL; + } + + curfragnum++; + /* append to first fragment frame's tail (if privacy frame, pull the ICV) */ recvframe_pull_tail(prframe, pfhdr->attrib.icv_len); @@ -3835,11 +3842,11 @@ int validate_mp_recv_frame(_adapter *adapter, union recv_frame *precv_frame) for (i = 0; i < precv_frame->u.hdr.len; i = i + 8) RTW_INFO("%02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X:\n", *(ptr + i), *(ptr + i + 1), *(ptr + i + 2) , *(ptr + i + 3) , *(ptr + i + 4), *(ptr + i + 5), *(ptr + i + 6), *(ptr + i + 7)); - RTW_INFO("#############################\n"); - _rtw_memset(pmppriv->mplink_buf, '\0' , sizeof(pmppriv->mplink_buf)); - _rtw_memcpy(pmppriv->mplink_buf, ptr, precv_frame->u.hdr.len); - pmppriv->mplink_rx_len = precv_frame->u.hdr.len; - pmppriv->mplink_brx =_TRUE; + RTW_INFO("#############################\n"); + _rtw_memset(pmppriv->mplink_buf, '\0' , sizeof(pmppriv->mplink_buf)); + _rtw_memcpy(pmppriv->mplink_buf, ptr, precv_frame->u.hdr.len); + pmppriv->mplink_rx_len = precv_frame->u.hdr.len; + pmppriv->mplink_brx =_TRUE; } } if (pmppriv->bloopback) { diff --git a/core/rtw_rm.c b/core/rtw_rm.c index 38ceb2e..9517f81 100644 --- a/core/rtw_rm.c +++ b/core/rtw_rm.c @@ -36,6 +36,20 @@ u8 rm_post_event_hdl(_adapter *padapter, u8 *pbuf) return H2C_SUCCESS; } +void rm_update_cap(u8 *frame_head, _adapter *pa, u32 pktlen, int offset) +{ +#ifdef CONFIG_RTW_80211K + u8 *res; + sint len; + + res = rtw_get_ie(frame_head + offset, _EID_RRM_EN_CAP_IE_, &len, + pktlen - offset); + if (res != NULL) + _rtw_memcpy((void *)pa->rmpriv.rm_en_cap_def, (res + 2), + MIN(len, sizeof(pa->rmpriv.rm_en_cap_def))); +#endif +} + #ifdef CONFIG_RTW_80211K struct cmd_meas_type_ { u8 id; @@ -528,13 +542,13 @@ static int rm_parse_bcn_req_s_elem(struct rm_obj *prm, u8 *pbody, int req_len) RTW_INFO("DBG set ssid to %s\n",DBG_BCN_REQ_SSID_NAME); i = strlen(DBG_BCN_REQ_SSID_NAME); prm->q.opt.bcn.ssid.SsidLength = i; - _rtw_memcpy(&(prm->q.opt.bcn.ssid.Ssid), - DBG_BCN_REQ_SSID_NAME, i); + _rtw_memcpy(&(prm->q.opt.bcn.ssid.Ssid), DBG_BCN_REQ_SSID_NAME, + MIN(i, sizeof(prm->q.opt.bcn.ssid.Ssid)-1)); #else /* original */ prm->q.opt.bcn.ssid.SsidLength = pbody[p+1]; - _rtw_memcpy(&(prm->q.opt.bcn.ssid.Ssid), - &pbody[p+2], pbody[p+1]); + _rtw_memcpy(&(prm->q.opt.bcn.ssid.Ssid), &pbody[p+2], + MIN(pbody[p+1], sizeof(prm->q.opt.bcn.ssid.Ssid)-1)); #endif #endif RTW_INFO("RM: bcn_req_ssid=%s\n", @@ -2194,8 +2208,9 @@ void rtw_ap_parse_sta_rm_en_cap(_adapter *padapter, if (elem->rm_en_cap) { RTW_INFO("assoc.rm_en_cap="RM_CAP_FMT"\n", RM_CAP_ARG(elem->rm_en_cap)); - _rtw_memcpy(psta->rm_en_cap, - (elem->rm_en_cap), elem->rm_en_cap_len); + + _rtw_memcpy(psta->rm_en_cap, (elem->rm_en_cap), + MIN(elem->rm_en_cap_len, sizeof(psta->rm_en_cap))); } } @@ -2203,7 +2218,8 @@ void RM_IE_handler(_adapter *padapter, PNDIS_802_11_VARIABLE_IEs pIE) { int i; - _rtw_memcpy(&padapter->rmpriv.rm_en_cap_assoc, pIE->data, pIE->Length); + _rtw_memcpy(&padapter->rmpriv.rm_en_cap_assoc, pIE->data, + MIN(pIE->Length, sizeof(padapter->rmpriv.rm_en_cap_assoc))); RTW_INFO("assoc.rm_en_cap="RM_CAP_FMT"\n", RM_CAP_ARG(pIE->data)); } diff --git a/core/rtw_tdls.c b/core/rtw_tdls.c index d557234..a52baf8 100644 --- a/core/rtw_tdls.c +++ b/core/rtw_tdls.c @@ -1918,13 +1918,15 @@ sint On_TDLS_Setup_Req(_adapter *padapter, union recv_frame *precv_frame, struct switch (pIE->ElementID) { case _SUPPORTEDRATES_IE_: - _rtw_memcpy(supportRate, pIE->data, pIE->Length); - supportRateNum = pIE->Length; + if (pIE->Length <= sizeof(supportRate)) { + _rtw_memcpy(supportRate, pIE->data, pIE->Length); + supportRateNum = pIE->Length; + } break; case _COUNTRY_IE_: break; case _EXT_SUPPORTEDRATES_IE_: - if (supportRateNum < sizeof(supportRate)) { + if ((supportRateNum + pIE->Length) <= sizeof(supportRate)) { _rtw_memcpy(supportRate + supportRateNum, pIE->data, pIE->Length); supportRateNum += pIE->Length; } @@ -1935,17 +1937,19 @@ sint On_TDLS_Setup_Req(_adapter *padapter, union recv_frame *precv_frame, struct rsnie_included = 1; if (prx_pkt_attrib->encrypt) { prsnie = (u8 *)pIE; - /* Check CCMP pairwise_cipher presence. */ - ppairwise_cipher = prsnie + 10; - _rtw_memcpy(ptdls_sta->TDLS_RSNIE, pIE->data, pIE->Length); - pairwise_count = *(u16 *)(ppairwise_cipher - 2); - for (k = 0; k < pairwise_count; k++) { - if (_rtw_memcmp(ppairwise_cipher + 4 * k, RSN_CIPHER_SUITE_CCMP, 4) == _TRUE) - ccmp_included = 1; - } + if (pIE->Length <= sizeof(ptdls_sta->TDLS_RSNIE)) { + /* Check CCMP pairwise_cipher presence. */ + ppairwise_cipher = prsnie + 10; + _rtw_memcpy(ptdls_sta->TDLS_RSNIE, pIE->data, pIE->Length); + pairwise_count = *(u16 *)(ppairwise_cipher - 2); + for (k = 0; k < pairwise_count; k++) { + if (_rtw_memcmp(ppairwise_cipher + 4 * k, RSN_CIPHER_SUITE_CCMP, 4) == _TRUE) + ccmp_included = 1; + } - if (ccmp_included == 0) - txmgmt.status_code = _STATS_INVALID_RSNIE_; + if (ccmp_included == 0) + txmgmt.status_code = _STATS_INVALID_RSNIE_; + } } break; case _EXT_CAP_IE_: @@ -2100,13 +2104,15 @@ int On_TDLS_Setup_Rsp(_adapter *padapter, union recv_frame *precv_frame, struct switch (pIE->ElementID) { case _SUPPORTEDRATES_IE_: - _rtw_memcpy(supportRate, pIE->data, pIE->Length); - supportRateNum = pIE->Length; + if (pIE->Length <= sizeof(supportRate)) { + _rtw_memcpy(supportRate, pIE->data, pIE->Length); + supportRateNum = pIE->Length; + } break; case _COUNTRY_IE_: break; case _EXT_SUPPORTEDRATES_IE_: - if (supportRateNum < sizeof(supportRate)) { + if ((supportRateNum + pIE->Length) <= sizeof(supportRate)) { _rtw_memcpy(supportRate + supportRateNum, pIE->data, pIE->Length); supportRateNum += pIE->Length; } diff --git a/hal/btc/halbtc8822b2ant.c b/hal/btc/halbtc8822b2ant.c index 2b20cfc..86673d2 100644 --- a/hal/btc/halbtc8822b2ant.c +++ b/hal/btc/halbtc8822b2ant.c @@ -28,7 +28,7 @@ static const char *const glbt_info_src_8822b_2ant[] = { "BT Info[bt scbd]" }; -u32 glcoex_ver_date_8822b_2ant = 20200302; +u32 glcoex_ver_date_8822b_2ant = 20220812; u32 glcoex_ver_8822b_2ant = 0x7b; u32 glcoex_ver_btdesired_8822b_2ant = 0x79; @@ -2012,6 +2012,11 @@ static void halbtc8822b2ant_table(struct btc_coexist *btc, boolean force_exec, 0xffff55ff, break_table, select_table); break; + case 19: + halbtc8822b2ant_set_table(btc, force_exec, 0x55555555, + 0x6a5a6a5a, break_table, + select_table); + break; default: break; } @@ -3477,7 +3482,7 @@ halbtc8822b2ant_action_wifi_native_lps(struct btc_coexist *btc) BT_8822B_2ANT_PHASE_2G); halbtc8822b2ant_table(btc, NM_EXCU, 8); - halbtc8822b2ant_tdma(btc, NM_EXCU, FALSE, 0); + halbtc8822b2ant_tdma(btc, NM_EXCU, TRUE, 19); } static void diff --git a/hal/hal_dm.c b/hal/hal_dm.c index b42235a..e8c5c61 100644 --- a/hal/hal_dm.c +++ b/hal/hal_dm.c @@ -350,6 +350,15 @@ void rtw_phydm_priv_init(_adapter *adapter) odm_cmn_info_init(phydm, ODM_CMNINFO_PLATFORM, ODM_CE); } +#ifndef CONFIG_LITTLE_ENDIAN +static u8 *convert_to_big_endian(void *value, int size) +{ + u8 *temp; + temp = (u8 *)value + size - 1; + return temp; +} +#endif + void Init_ODM_ComInfo(_adapter *adapter) { struct dvobj_priv *dvobj = adapter_to_dvobj(adapter); @@ -467,11 +476,9 @@ void Init_ODM_ComInfo(_adapter *adapter) odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_TX_UNI, &(dvobj->traffic_stat.tx_bytes)); odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_RX_UNI, &(dvobj->traffic_stat.rx_bytes)); - odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_BAND, &(pHalData->current_band_type)); odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_FORCED_RATE, &(pHalData->ForcedDataRate)); odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_SEC_CHNL_OFFSET, &(pHalData->nCur40MhzPrimeSC)); - odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_SEC_MODE, &(adapter->securitypriv.dot11PrivacyAlgrthm)); #ifdef CONFIG_NARROWBAND_SUPPORTING if ((adapter->registrypriv.rtw_nb_config == RTW_NB_CONFIG_WIDTH_10) || (adapter->registrypriv.rtw_nb_config == RTW_NB_CONFIG_WIDTH_5)) { @@ -479,9 +486,19 @@ void Init_ODM_ComInfo(_adapter *adapter) } else #endif + +#ifdef CONFIG_LITTLE_ENDIAN + odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_BAND, &(pHalData->current_band_type)); + odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_SEC_MODE, &(adapter->securitypriv.dot11PrivacyAlgrthm)); odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_BW, &(pHalData->current_channel_bw)); - odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_CHNL, &(pHalData->current_channel)); odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_NET_CLOSED, &(adapter->net_closed)); +#else /* CONFIG_BIG_ENDIAN */ + odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_BAND, convert_to_big_endian(&(pHalData->current_band_type), sizeof(BAND_TYPE))); + odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_SEC_MODE, convert_to_big_endian(&(adapter->securitypriv.dot11PrivacyAlgrthm), sizeof(u32))); + odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_BW, convert_to_big_endian(&(pHalData->current_channel_bw), sizeof(enum channel_width))); + odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_NET_CLOSED, convert_to_big_endian(&(adapter->net_closed), sizeof(int))); +#endif + odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_CHNL, &(pHalData->current_channel)); odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_SCAN, &(pHalData->bScanInProcess)); odm_cmn_info_hook(pDM_Odm, ODM_CMNINFO_POWER_SAVING, &(pwrctl->bpower_saving)); diff --git a/include/ieee80211.h b/include/ieee80211.h old mode 100644 new mode 100755 index 8e17b22..736d10e --- a/include/ieee80211.h +++ b/include/ieee80211.h @@ -764,6 +764,7 @@ struct ieee80211_snap_hdr { #define WLAN_EID_WIDE_BANDWIDTH_CHANNEL_SWITCH 194 #define WLAN_EID_CHANNEL_SWITCH_WRAPPER 196 #define WLAN_EID_VHT_OP_MODE_NOTIFY 199 +#define WLAN_EID_RSNX 244 #define WLAN_EID_EXTENSION 255 #define WLAN_EID_EXT_OWE_DH_PARAM 32 @@ -1274,6 +1275,7 @@ struct ieee80211_txb { #define MAX_OWE_IE_LEN (128) #define MAX_P2P_IE_LEN (256) #define MAX_WFD_IE_LEN (128) +#define MAX_RSNX_IE_LEN (16) #define NETWORK_EMPTY_ESSID (1<<0) #define NETWORK_HAS_OFDM (1<<1) diff --git a/include/rtw_rm.h b/include/rtw_rm.h index 8aa2b9d..5699f0b 100644 --- a/include/rtw_rm.h +++ b/include/rtw_rm.h @@ -25,6 +25,10 @@ u8 rm_post_event_hdl(_adapter *padapter, u8 *pbuf); #define RM_CAP_ARG(x) ((u8 *)(x))[4], ((u8 *)(x))[3], ((u8 *)(x))[2], ((u8 *)(x))[1], ((u8 *)(x))[0] #define RM_CAP_FMT "%02x %02x%02x %02x%02x" +#ifndef MIN +#define MIN(x, y) (((x) < (y)) ? (x) : (y)) +#endif + /* remember to modify rm_event_name() when adding new event */ enum RM_EV_ID { RM_EV_state_in, @@ -102,4 +106,6 @@ void indicate_beacon_report(u8 *sta_addr, u8 n_measure_rpt, u32 elem_len, u8 *elem); #endif /*CONFIG_RTW_80211K */ +void rm_update_cap(u8 *frame_head, _adapter *pa, u32 pktlen, int offset); + #endif /* __RTW_RM_H_ */ diff --git a/include/rtw_security.h b/include/rtw_security.h index 9cceed6..8cd18a9 100644 --- a/include/rtw_security.h +++ b/include/rtw_security.h @@ -182,6 +182,9 @@ struct security_priv { u8 owe_ie[MAX_OWE_IE_LEN];/* added in assoc req */ int owe_ie_len; + u8 rsnx_ie[MAX_RSNX_IE_LEN]; + int rsnx_ie_len; + u8 binstallGrpkey; #ifdef CONFIG_GTK_OL u8 binstallKCK_KEK; diff --git a/include/rtw_version.h b/include/rtw_version.h index 09afbbf..ad7d38d 100644 --- a/include/rtw_version.h +++ b/include/rtw_version.h @@ -1,2 +1,2 @@ -#define DRIVERVERSION "v5.13.1-20-gbd7c7eb9d.20210702_COEX20210316-18317b7b" -#define BTCOEXVERSION "COEX20210316-18317b7b" +#define DRIVERVERSION "v5.13.1-30-g37e60b26a.20220819_COEX20220812-18317b7b" +#define BTCOEXVERSION "COEX20220812-18317b7b" diff --git a/os_dep/linux/ioctl_cfg80211.c b/os_dep/linux/ioctl_cfg80211.c old mode 100644 new mode 100755 index c605493..a1fbd0f --- a/os_dep/linux/ioctl_cfg80211.c +++ b/os_dep/linux/ioctl_cfg80211.c @@ -205,6 +205,9 @@ static struct ieee80211_channel rtw_5ghz_a_channels[MAX_CHANNEL_NUM_5G] = { CHAN5G(165, 0), CHAN5G(169, 0), CHAN5G(173, 0), CHAN5G(177, 0), }; + +static int rtw_cfg80211_set_assocresp_ies(struct net_device *net, const u8 *buf, int len); + #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 8, 0)) static u8 rtw_chbw_to_cfg80211_chan_def(struct wiphy *wiphy, struct cfg80211_chan_def *chdef, u8 ch, u8 bw, u8 offset, u8 ht) { @@ -3042,8 +3045,8 @@ static int rtw_cfg80211_set_probe_req_wpsp2pie(_adapter *padapter, char *buf, in _rtw_memcpy(pmlmepriv->p2p_probe_req_ie, p2p_ie, p2p_ielen); pmlmepriv->p2p_probe_req_ie_len = p2p_ielen; - if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_LISTEN_CH, (u8 *)listen_ch_attr, (uint *) &attr_contentlen) - && attr_contentlen == 5) { + attr_contentlen = sizeof(listen_ch_attr); + if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_LISTEN_CH, (u8 *)listen_ch_attr, (uint *) &attr_contentlen)) { if (wdinfo->listen_channel != listen_ch_attr[4]) { RTW_INFO(FUNC_ADPT_FMT" listen channel - country:%c%c%c, class:%u, ch:%u\n", FUNC_ADPT_ARG(padapter), listen_ch_attr[0], listen_ch_attr[1], listen_ch_attr[2], @@ -3829,7 +3832,8 @@ static int rtw_cfg80211_set_wpa_ie(_adapter *padapter, u8 *pie, size_t ielen) int ret = 0; int wpa_ielen = 0; int wpa2_ielen = 0; - u8 *pwpa, *pwpa2; + int rsnx_ielen = 0; + u8 *pwpa, *pwpa2, *prsnx; u8 null_addr[] = {0, 0, 0, 0, 0, 0}; if (pie == NULL || !ielen) { @@ -3880,7 +3884,26 @@ static int rtw_cfg80211_set_wpa_ie(_adapter *padapter, u8 *pie, size_t ielen) RTW_INFO("got wpa2_ie, wpa2_ielen:%u\n", wpa2_ielen); } - } + + prsnx = rtw_get_ie(buf, WLAN_EID_RSNX, &rsnx_ielen, ielen); + if (prsnx && (rsnx_ielen > 0)) { + if ((rsnx_ielen + 2) <= MAX_RSNX_IE_LEN) { + _rtw_memset(padapter->securitypriv.rsnx_ie, 0, + MAX_RSNX_IE_LEN); + padapter->securitypriv.rsnx_ie_len = \ + (rsnx_ielen + 2); + _rtw_memcpy(padapter->securitypriv.rsnx_ie, + prsnx, + padapter->securitypriv.rsnx_ie_len); + } else + RTW_ERR("%s:no more buf to save RSNX Cap!\n", + __func__); + } else { + _rtw_memset(padapter->securitypriv.rsnx_ie, 0, + MAX_RSNX_IE_LEN); + padapter->securitypriv.rsnx_ie_len = 0; + } + } /* end of (pwpa2 && wpa2_ielen > 0) */ if (group_cipher == 0) group_cipher = WPA_CIPHER_NONE; @@ -5371,6 +5394,13 @@ static int cfg80211_rtw_start_ap(struct wiphy *wiphy, struct net_device *ndev, ret = rtw_add_beacon(adapter, settings->beacon.head, settings->beacon.head_len, settings->beacon.tail, settings->beacon.tail_len); + if (settings->beacon.assocresp_ies && + settings->beacon.assocresp_ies_len > 0) { + rtw_cfg80211_set_assocresp_ies(ndev, + settings->beacon.assocresp_ies, + settings->beacon.assocresp_ies_len); + } + if (settings->ssid && settings->ssid_len) { WLAN_BSSID_EX *pbss_network = &adapter->mlmepriv.cur_network.network; WLAN_BSSID_EX *pbss_network_ext = &adapter->mlmeextpriv.mlmext_info.network; @@ -5395,6 +5425,37 @@ exit: return ret; } +static int rtw_cfg80211_set_assocresp_ies(struct net_device *net, const u8 *buf, int len) +{ + int ret = 0; + _adapter *padapter = (_adapter *)rtw_netdev_priv(net); + struct mlme_priv *pmlmepriv = &(padapter->mlmepriv); + + RTW_INFO("%s, ielen=%d\n", __func__, len); + + if (len <= 0) + goto exit; + + if (pmlmepriv->assoc_rsp) { + u32 free_len = pmlmepriv->assoc_rsp_len; + + pmlmepriv->assoc_rsp_len = 0; + rtw_mfree(pmlmepriv->assoc_rsp, free_len); + pmlmepriv->assoc_rsp = NULL; + } + + pmlmepriv->assoc_rsp = rtw_malloc(len); + if (pmlmepriv->assoc_rsp == NULL) { + RTW_INFO("%s()-%d: rtw_malloc() ERROR!\n", __FUNCTION__, __LINE__); + return -EINVAL; + } + _rtw_memcpy(pmlmepriv->assoc_rsp, buf, len); + pmlmepriv->assoc_rsp_len = len; + +exit: + return ret; +} + static int cfg80211_rtw_change_beacon(struct wiphy *wiphy, struct net_device *ndev, #if (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 7, 0)) struct cfg80211_ap_update *ap) @@ -6464,6 +6525,7 @@ static int rtw_cfg80211_set_probe_resp_wpsp2pie(struct net_device *net, char *bu #endif /* Check P2P Capability ATTR */ + attr_contentlen = sizeof(cap_attr); if (rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_CAPABILITY, (u8 *)&cap_attr, (uint *) &attr_contentlen)) { u8 grp_cap = 0; /* RTW_INFO( "[%s] Got P2P Capability Attr!!\n", __FUNCTION__ ); */ @@ -7250,6 +7312,7 @@ void rtw_cfg80211_issue_p2p_provision_request(_adapter *padapter, const u8 *buf, pwdinfo->tx_prov_disc_info.wps_config_method_request = WPS_CM_PUSH_BUTTON; rtw_get_wps_ie(frame_body + _PUBLIC_ACTION_IE_OFFSET_, frame_body_len - _PUBLIC_ACTION_IE_OFFSET_, wpsie, &wpsielen); + wps_devicepassword_id_len = sizeof(wps_devicepassword_id); rtw_get_wps_attr_content(wpsie, wpsielen, WPS_ATTR_DEVICE_PWID, (u8 *) &wps_devicepassword_id, &wps_devicepassword_id_len); wps_devicepassword_id = be16_to_cpu(wps_devicepassword_id); @@ -7277,7 +7340,9 @@ void rtw_cfg80211_issue_p2p_provision_request(_adapter *padapter, const u8 *buf, if (rtw_get_p2p_ie(frame_body + _PUBLIC_ACTION_IE_OFFSET_, frame_body_len - _PUBLIC_ACTION_IE_OFFSET_, p2p_ie, &p2p_ielen)) { + devinfo_contentlen = sizeof(devinfo_content); rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_DEVICE_INFO, devinfo_content, &devinfo_contentlen); + capability_len = sizeof(capability); rtw_get_p2p_attr_content(p2p_ie, p2p_ielen, P2P_ATTR_CAPABILITY, (u8 *)&capability, &capability_len); } diff --git a/os_dep/linux/ioctl_linux.c b/os_dep/linux/ioctl_linux.c old mode 100644 new mode 100755 index 1751022..964ec30 --- a/os_dep/linux/ioctl_linux.c +++ b/os_dep/linux/ioctl_linux.c @@ -4304,6 +4304,7 @@ static int rtw_p2p_get_wps_configmethod(struct net_device *dev, wpsie = rtw_get_wps_ie_from_scan_queue(&pnetwork->network.IEs[0], pnetwork->network.IELength, NULL, &wpsie_len, pnetwork->network.Reserved[0]); if (wpsie) { + attr_contentlen = sizeof(attr_content); rtw_get_wps_attr_content(wpsie, wpsie_len, WPS_ATTR_CONF_METHOD, (u8 *)&attr_content, &attr_contentlen); if (attr_contentlen) { attr_content = be16_to_cpu(attr_content); @@ -4437,6 +4438,7 @@ static int rtw_p2p_get_go_device_address(struct net_device *dev, /* The P2P Device Info attribute is included in the probe response frame. */ _rtw_memset(attr_content, 0x00, 100); + attr_contentlen = sizeof(attr_content); if (rtw_get_p2p_attr_content(p2pie, p2pielen, P2P_ATTR_DEVICE_ID, attr_content, &attr_contentlen)) { /* Handle the P2P Device ID attribute of Beacon first */ blnMatch = 1; @@ -4519,6 +4521,7 @@ static int rtw_p2p_get_device_type(struct net_device *dev, wpsie = rtw_get_wps_ie_from_scan_queue(&pnetwork->network.IEs[0], pnetwork->network.IELength, NULL, &wpsie_len, pnetwork->network.Reserved[0]); if (wpsie) { + dev_type_len = sizeof(dev_type); rtw_get_wps_attr_content(wpsie, wpsie_len, WPS_ATTR_PRIMARY_DEV_TYPE, dev_type, &dev_type_len); if (dev_type_len) { u16 type = 0; @@ -4593,6 +4596,7 @@ static int rtw_p2p_get_device_name(struct net_device *dev, wpsie = rtw_get_wps_ie_from_scan_queue(&pnetwork->network.IEs[0], pnetwork->network.IELength, NULL, &wpsie_len, pnetwork->network.Reserved[0]); if (wpsie) { + dev_len = sizeof(dev_name); rtw_get_wps_attr_content(wpsie, wpsie_len, WPS_ATTR_DEVICE_NAME, dev_name, &dev_len); if (dev_len) { sprintf(dev_name_str, "\n\nN=%s", dev_name); @@ -4633,7 +4637,7 @@ static int rtw_p2p_get_invitation_procedure(struct net_device *dev, struct wlan_network *pnetwork = NULL; u8 blnMatch = 0; u8 *p2pie; - uint p2pielen = 0, attr_contentlen = 0; + uint p2pielen = 0, attr_contentlen = 2; u8 attr_content[2] = { 0x00 }; u8 inv_proc_str[P2P_PRIVATE_IOCTL_SET_LEN] = { 0x00 }; @@ -4664,6 +4668,7 @@ static int rtw_p2p_get_invitation_procedure(struct net_device *dev, if (p2pie) { while (p2pie) { /* _rtw_memset( attr_content, 0x00, 2); */ + attr_contentlen = sizeof(attr_content); if (rtw_get_p2p_attr_content(p2pie, p2pielen, P2P_ATTR_CAPABILITY, attr_content, &attr_contentlen)) { /* Handle the P2P capability attribute */ blnMatch = 1; @@ -4836,7 +4841,7 @@ static int rtw_p2p_invite_req(struct net_device *dev, uint uintPeerChannel = 0; u8 attr_content[50] = { 0x00 }; u8 *p2pie; - uint p2pielen = 0, attr_contentlen = 0; + uint p2pielen = 0, attr_contentlen = 50; _irqL irqL; struct tx_invite_req_info *pinvite_req_info = &pwdinfo->invitereq_info; #ifdef CONFIG_CONCURRENT_MODE @@ -4894,6 +4899,7 @@ static int rtw_p2p_invite_req(struct net_device *dev, /* The P2P Device ID attribute is included in the Beacon frame. */ /* The P2P Device Info attribute is included in the probe response frame. */ + attr_contentlen = sizeof(attr_content); if (rtw_get_p2p_attr_content(p2pie, p2pielen, P2P_ATTR_DEVICE_ID, attr_content, &attr_contentlen)) { /* Handle the P2P Device ID attribute of Beacon first */ if (_rtw_memcmp(attr_content, pinvite_req_info->peer_macaddr, ETH_ALEN)) { @@ -5109,7 +5115,7 @@ static int rtw_p2p_set_pc(struct net_device *dev, struct wlan_network *pnetwork = NULL; u8 attr_content[50] = { 0x00 }; u8 *p2pie; - uint p2pielen = 0, attr_contentlen = 0; + uint p2pielen = 0, attr_contentlen = 50; _irqL irqL; uint uintPeerChannel = 0; @@ -5149,6 +5155,7 @@ static int rtw_p2p_set_pc(struct net_device *dev, /* The P2P Device ID attribute is included in the Beacon frame. */ /* The P2P Device Info attribute is included in the probe response frame. */ printk("[%s] Got P2P IE\n", __FUNCTION__); + attr_contentlen = sizeof(attr_content); if (rtw_get_p2p_attr_content(p2pie, p2pielen, P2P_ATTR_DEVICE_ID, attr_content, &attr_contentlen)) { /* Handle the P2P Device ID attribute of Beacon first */ printk("[%s] P2P_ATTR_DEVICE_ID\n", __FUNCTION__); @@ -5321,7 +5328,7 @@ static int rtw_p2p_prov_disc(struct net_device *dev, uint uintPeerChannel = 0; u8 attr_content[100] = { 0x00 }; u8 *p2pie; - uint p2pielen = 0, attr_contentlen = 0; + uint p2pielen = 0, attr_contentlen = 100; _irqL irqL; #ifdef CONFIG_CONCURRENT_MODE struct roch_info *prochinfo = &padapter->rochinfo; @@ -5390,7 +5397,7 @@ static int rtw_p2p_prov_disc(struct net_device *dev, while (p2pie) { /* The P2P Device ID attribute is included in the Beacon frame. */ /* The P2P Device Info attribute is included in the probe response frame. */ - + attr_contentlen = sizeof(attr_content); if (rtw_get_p2p_attr_content(p2pie, p2pielen, P2P_ATTR_DEVICE_ID, attr_content, &attr_contentlen)) { /* Handle the P2P Device ID attribute of Beacon first */ if (_rtw_memcmp(attr_content, peerMAC, ETH_ALEN)) { diff --git a/os_dep/linux/os_intfs.c b/os_dep/linux/os_intfs.c index 0a5bc72..4988d3d 100644 --- a/os_dep/linux/os_intfs.c +++ b/os_dep/linux/os_intfs.c @@ -433,17 +433,11 @@ int rtw_hwpwrp_detect = 1; int rtw_hwpwrp_detect = 0; /* HW power ping detect 0:disable , 1:enable */ #endif - -/* -Causes excessive rescanning by nature of WPS, the "Push Button Configuration" - being something initialized on the access point by button due to the - traditionally non-graphical nature of routers. This should only be enabled - during those events, otherwise the radio(s) will have to drop beam forming - capabilities to do a general scan for an access point emitting the unsecured - connection information. -*/ +#ifdef CONFIG_USB_HCI +int rtw_hw_wps_pbc = 1; +#else int rtw_hw_wps_pbc = 0; - +#endif #ifdef CONFIG_80211D int rtw_80211d = 0;