net80211: ieee80211_probereq_ie fix length calculation for hw scans

c338cf2c6d5eacdee813191d5976aa531d450ee7 split up ieee80211_probereq_ie(). For HW scans we usually do not want to add a SSID to the IEs. During that split we allocate memory based on the length which will always include the length of the SSID and only later we reduced the length but never updated the value passed back to the caller. Split the SSID handling up and reduce the length before malloc(). This not only makes us not over-allocate in these situatoins but also fixes the length returned to the caller and with that usually directly passed to firmware. Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Reviewed by: adrian Differential Revision: https://reviews.freebsd.org/D30813
2021-06-18 09:57:16 +00:00 · 2021-06-18 09:57:16 +00:00 · 243b95978d
commit 243b95978d
parent 399da52fff
1 changed files with 5 additions and 4 deletions
--- a/sys/net80211/ieee80211_output.c
+++ b/sys/net80211/ieee80211_output.c
@ -2472,6 +2472,10 @@ ieee80211_probereq_ie(struct ieee80211vap *vap, struct ieee80211com *ic,
 	if (!alloc && len > *frmlen)
 		return (ENOBUFS);

+	/* For HW scans we usually do not pass in the SSID as IE. */
+	if (ssidlen == -1)
+		len -= (2 + IEEE80211_NWID_LEN);
+
 	if (alloc) {
 		frm = malloc(len, M_80211_VAP, M_WAITOK | M_ZERO);
 		*frmp = frm;
@ -2479,10 +2483,7 @@ ieee80211_probereq_ie(struct ieee80211vap *vap, struct ieee80211com *ic,
 	} else
 		frm = *frmp;

-	/* For HW scans we usually do not pass in the SSID as IE. */
-	if (ssidlen == -1)
-		len -= (2 + IEEE80211_NWID_LEN);
-	else
+	if (ssidlen != -1)
 		frm = ieee80211_add_ssid(frm, ssid, ssidlen);
 	rs = ieee80211_get_suprates(ic, ic->ic_curchan);
 	frm = ieee80211_add_rates(frm, rs);