summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--tools/openwfd_ie.c40
1 files changed, 21 insertions, 19 deletions
diff --git a/tools/openwfd_ie.c b/tools/openwfd_ie.c
index a3d4741..334e455 100644
--- a/tools/openwfd_ie.c
+++ b/tools/openwfd_ie.c
@@ -126,8 +126,8 @@ static void print_ie(const void *data, size_t len)
ie = data;
/* check for valid IE header length */
- if (len < 6) {
- print_err("remaining data too small (%u < 6)",
+ if (len < 2) {
+ print_err("remaining data too small (%u < 2)",
(unsigned int)len);
goto error;
}
@@ -145,23 +145,12 @@ static void print_ie(const void *data, size_t len)
print_line("length: %u", (unsigned int)ie->length);
- if (be32toh(ie->oui) == OPENWFD_WFD_IE_OUI_1_0)
- print_line("oui: 0x%x (WFD-1.0)", (unsigned int)be32toh(ie->oui));
- else
- print_line("oui: 0x%x (UNKNOWN)", (unsigned int)be32toh(ie->oui));
-
/* skip header */
- data = ((char*)data) + 6;
- len -= 6;
+ data = ((char*)data) + 2;
+ len -= 2;
/* check that data payload does not exceed buffer */
- if (ie->length > OPENWFD_WFD_IE_DATA_MAX) {
- print_err("IE length too big (%u > %u), aborting",
- (unsigned int)ie->length,
- OPENWFD_WFD_IE_DATA_MAX);
- indent_out();
- goto error;
- } else if (ie->length > len) {
+ if (ie->length > len) {
print_err("IE length bigger than remaining data (%u > %u), aborting",
(unsigned int)ie->length, len);
indent_out();
@@ -177,14 +166,27 @@ static void print_ie(const void *data, size_t len)
print_err("IE ID unknown, aborting");
indent_out();
goto error;
+ }
+
+ /* parse OUI */
+ if (ie->length < 4) {
+ print_err("WFD IE lacks OUI (len %u < 4)",
+ (unsigned int)ie->length);
+ indent_out();
+ goto error;
} else if (be32toh(ie->oui) != OPENWFD_WFD_IE_OUI_1_0) {
+ print_line("oui: 0x%x (UNKNOWN)",
+ (unsigned int)be32toh(ie->oui));
print_err("WFD IE OUI unknown, aborting");
indent_out();
goto error;
}
- /* iterate over sub-elements */
- l = ie->length;
+ print_line("oui: 0x%x (WFD-1.0)",
+ (unsigned int)be32toh(ie->oui));
+
+ /* skip OUI */
+ l = ie->length - 4;
h = ie->data;
while (l > 0) {
/* If @col is non-NULL, we are collecting IEs. See
@@ -328,7 +330,7 @@ int main(int argc, char **argv)
memset(&s, 0, sizeof(s));
s.ie1.element_id = OPENWFD_WFD_IE_ID;
- s.ie1.length = sizeof(s.sub1) + sizeof(s.dev_info);
+ s.ie1.length = 4 + sizeof(s.sub1) + sizeof(s.dev_info);
s.ie1.oui = htobe32(OPENWFD_WFD_IE_OUI_1_0);
s.sub1.subelement_id = OPENWFD_WFD_IE_SUB_DEV_INFO;