If a VHT STA has an invalid VHT Capabilities element, the VHT
capability of the STA is deactivated but the VHT operation and vendor
elements might still be copied without the VHT Capabilities element
being present.
Only copy the VHT operation and vendor element if a STA is VHT.
Signed-off-by: Pablo Martin-Gomez <pmartin-gomez@xxxxxxxxxx>
---
src/ap/ieee802_11_vht.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ap/ieee802_11_vht.c b/src/ap/ieee802_11_vht.c
index 7415635bf..8d760418d 100644
--- a/src/ap/ieee802_11_vht.c
+++ b/src/ap/ieee802_11_vht.c
@@ -216,7 +216,7 @@ u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
u16 copy_sta_vht_oper(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *vht_oper)
{
- if (!vht_oper) {
+ if (!vht_oper || !(sta->flags & WLAN_STA_VHT)) {
os_free(sta->vht_operation);
sta->vht_operation = NULL;
return WLAN_STATUS_SUCCESS;
@@ -243,7 +243,7 @@ u16 copy_sta_vendor_vht(struct hostapd_data *hapd, struct sta_info *sta,
unsigned int vht_capab_len;
if (!ie || len < 5 + 2 + sizeof(struct ieee80211_vht_capabilities) ||
- hapd->conf->disable_11ac)
+ hapd->conf->disable_11ac || !(sta->flags & WLAN_STA_VHT))
goto no_capab;
/* The VHT Capabilities element embedded in vendor VHT */
--
2.43.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
