scan: fix crash when driver doesn't report frame type

Commit Message

Sergey Matyukevich Aug. 4, 2018, 8:31 p.m. UTC

If driver does not know what kind of frame has been received from BSS,
then it is possible to specify CFG80211_BSS_FTYPE_UNKNOWN
in cfg80211_inform_bss[_width].

In this case neither NL80211_BSS_BEACON_IES nor NL80211_BSS_PRESP_DATA
will be reported to userspace.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
---
 scan.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Sergey Matyukevich Aug. 8, 2018, 11:20 a.m. UTC | #1

> If driver does not know what kind of frame has been received from BSS,
> then it is possible to specify CFG80211_BSS_FTYPE_UNKNOWN
> in cfg80211_inform_bss[_width].
> 
> In this case neither NL80211_BSS_BEACON_IES nor NL80211_BSS_PRESP_DATA
> will be reported to userspace.

The fix is for iw tool, so the patch title is a bit confusing.
It should have been something like this:
[PATCH] iw: scan: fix crash when driver doesn't report frame type

Regards,
Sergey

Patch

diff --git a/scan.c b/scan.c
index 09b04a5..d9681f3 100644
--- a/scan.c
+++ b/scan.c
@@ -2188,8 +2188,8 @@  static int print_bss_handler(struct nl_msg *msg, void *arg)
 		struct nlattr *bcnies = bss[NL80211_BSS_BEACON_IES];
 
 		if (bss[NL80211_BSS_PRESP_DATA] ||
-		    nla_len(ies) != nla_len(bcnies) ||
-		    memcmp(nla_data(ies), nla_data(bcnies), nla_len(ies)))
+		    (bcnies && (nla_len(ies) != nla_len(bcnies) ||
+		    memcmp(nla_data(ies), nla_data(bcnies), nla_len(ies)))))
 			printf("\tInformation elements from Probe Response "
 			       "frame:\n");
 		print_ies(nla_data(ies), nla_len(ies),