/******************************************************************************
 * mlme_linux.c
 *
 * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
 * Linux device driver for RTL8192SU
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
 *
 * Modifications for inclusion into the Linux staging tree are
 * Copyright(c) 2010 Larry Finger. All rights reserved.
 *
 * Contact information:
 * WLAN FAE <wlanfae@realtek.com>.
 * Larry Finger <Larry.Finger@lwfinger.net>
 *
 ******************************************************************************/
29 #define _MLME_OSDEP_C_
31 #include "osdep_service.h"
32 #include "drv_types.h"
33 #include "mlme_osdep.h"
/*
 * Timer callback for the site-survey control timer.
 *
 * FunctionContext is treated as a struct _adapter *. After the MLME-level
 * handler has run, the timer is re-armed with a value of 3000 (presumably
 * milliseconds -- confirm against _set_timer()).
 */
static void sitesurvey_ctrl_handler(void *FunctionContext)
{
	struct _adapter *padapter = FunctionContext;

	_r8712_sitesurvey_ctrl_handler(padapter);
	/* Periodic timer: schedule the next run. */
	_set_timer(&padapter->mlmepriv.sitesurveyctrl.sitesurvey_ctrl_timer,
		   3000);
}
/*
 * Timer callback for the association (join) timer.
 *
 * FunctionContext is treated as a struct _adapter * and handed straight to
 * _r8712_join_timeout_handler(); the timer is not re-armed here.
 */
static void join_timeout_handler(void *FunctionContext)
{
	struct _adapter *padapter = FunctionContext;

	_r8712_join_timeout_handler(padapter);
}
/*
 * Timer callback for the scan timeout timer.
 *
 * FunctionContext is treated as a struct _adapter * and forwarded to
 * r8712_scan_timeout_handler(); the timer is not re-armed here.
 */
static void _scan_timeout_handler(void *FunctionContext)
{
	struct _adapter *padapter = FunctionContext;

	r8712_scan_timeout_handler(padapter);
}
/*
 * Timer callback for the DHCP timer.
 *
 * FunctionContext is treated as a struct _adapter * and forwarded to
 * _r8712_dhcp_timeout_handler(); the timer is not re-armed here.
 */
static void dhcp_timeout_handler(void *FunctionContext)
{
	struct _adapter *padapter = FunctionContext;

	_r8712_dhcp_timeout_handler(padapter);
}
/*
 * Timer callback for the watchdog timer.
 *
 * FunctionContext is treated as a struct _adapter *. After the MLME-level
 * watchdog handler has run, the timer is re-armed with a value of 2000
 * (presumably milliseconds -- confirm against _set_timer()).
 */
static void wdg_timeout_handler(void *FunctionContext)
{
	struct _adapter *padapter = FunctionContext;

	_r8712_wdg_timeout_handler(padapter);
	/* Periodic timer: schedule the next run. */
	_set_timer(&padapter->mlmepriv.wdg_timer, 2000);
}
/*
 * Initialise the five MLME timers of an adapter: association (join),
 * site-survey control, scan timeout, DHCP and watchdog.
 *
 * Every timer is bound to padapter->pnetdev, to its handler in this file and
 * to mlmepriv.nic_hdl as callback context. Only _init_timer() is called;
 * no _set_timer() call is made here.
 *
 * NOTE(review): the handlers use their context as a struct _adapter *, so
 * nic_hdl is presumably the adapter pointer -- confirm where it is assigned.
 */
void r8712_init_mlme_timer(struct _adapter *padapter)
{
	struct mlme_priv *mlme = &padapter->mlmepriv;

	_init_timer(&mlme->assoc_timer, padapter->pnetdev,
		    join_timeout_handler, mlme->nic_hdl);

	_init_timer(&mlme->sitesurveyctrl.sitesurvey_ctrl_timer,
		    padapter->pnetdev, sitesurvey_ctrl_handler,
		    (u8 *)mlme->nic_hdl);

	_init_timer(&mlme->scan_to_timer, padapter->pnetdev,
		    _scan_timeout_handler, mlme->nic_hdl);

	_init_timer(&mlme->dhcp_timer, padapter->pnetdev,
		    dhcp_timeout_handler, (u8 *)mlme->nic_hdl);

	_init_timer(&mlme->wdg_timer, padapter->pnetdev,
		    wdg_timeout_handler, (u8 *)mlme->nic_hdl);
}
/*
 * Signal a completed association to the OS: raise the wireless-extensions
 * association event, then mark the carrier of the adapter's net device up.
 */
void r8712_os_indicate_connect(struct _adapter *adapter)
{
	/* Event first, carrier second -- same order as before. */
	r8712_indicate_wx_assoc_event(adapter);

	netif_carrier_on(adapter->pnetdev);
}
/*
 * Scratch copy of the PMKID cache, used while securitypriv is wiped.
 *
 * NOTE(review): this is one file-scope buffer with no locking visible in this
 * function, and it keeps the copied entries after the restore -- confirm that
 * disconnects of different adapters cannot run concurrently.
 */
static struct RT_PMKID_LIST backupPMKIDList[NUM_PMKID_CACHE];

/*
 * Signal a disconnect to the OS and reset the adapter's security state.
 *
 * The wireless-extensions disassociation event is raised and the carrier is
 * switched off. Then:
 *  - for AuthAlgrthm == 2 (802.1X) the whole security_priv structure is
 *    zeroed, but the PMKID cache, the PMKID index and the TKIP
 *    countermeasure flag are carried over, and tkip_timer is re-initialised;
 *  - otherwise only the authentication/encryption selectors are put back to
 *    their open-system values.
 */
void r8712_os_indicate_disconnect(struct _adapter *adapter)
{
	struct security_priv *sec = &adapter->securitypriv;
	u8 saved_index;
	u8 saved_countermeasure;

	r8712_indicate_wx_disassoc_event(adapter);
	netif_carrier_off(adapter->pnetdev);

	if (sec->AuthAlgrthm != 2) {
		/* Not 802.1X: reset values in securitypriv. */
		sec->AuthAlgrthm = 0; /* open system */
		sec->PrivacyAlgrthm = _NO_PRIVACY_;
		sec->PrivacyKeyIndex = 0;
		sec->XGrpPrivacy = _NO_PRIVACY_;
		sec->XGrpKeyid = 1;
		sec->ndisauthtype = Ndis802_11AuthModeOpen;
		sec->ndisencryptstatus = Ndis802_11WEPDisabled;
		sec->wps_phase = false;
		return;
	}

	/*
	 * 802.1X: back up the PMK information for the WiFi PMK caching test
	 * item, and the btkip_countermeasure flag. When the countermeasure
	 * is triggered, the driver has to stay disconnected from the AP for
	 * 60 seconds.
	 */
	memset(backupPMKIDList, 0x00, sizeof(backupPMKIDList));
	memcpy(backupPMKIDList, sec->PMKIDList, sizeof(backupPMKIDList));
	saved_index = sec->PMKIDIndex;
	saved_countermeasure = sec->btkip_countermeasure;

	/*
	 * Wipe every other piece of security state.
	 * NOTE(review): this also clears tkip_timer before it is
	 * re-initialised below -- confirm the timer cannot be pending here.
	 */
	memset(sec, 0, sizeof(*sec));
	_init_timer(&sec->tkip_timer, adapter->pnetdev,
		    r8712_use_tkipkey_handler, adapter);

	/* Restore the PMK information for the following connection. */
	memcpy(sec->PMKIDList, backupPMKIDList, sizeof(backupPMKIDList));
	sec->PMKIDIndex = saved_index;
	sec->btkip_countermeasure = saved_countermeasure;
}
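/*
 * Report a security information element to user space as an IWEVCUSTOM
 * wireless event whose payload is the text "ASSOCINFO(ReqIEs=<hex>)".
 *
 * @adapter:  adapter whose net device the event is sent on
 * @authmode: IE id; nothing is reported unless it equals _WPA_IE_ID_
 * @sec_ie:   IE buffer; sec_ie[1] is used as the length field, so
 *            sec_ie[1] + 2 bytes are read from it
 *
 * Every IE byte is written as two hex characters into a buffer of
 * IW_CUSTOM_MAX bytes. The previous code clamped the IE length to
 * IW_CUSTOM_MAX *bytes*, which lets the hex text run past the end of the
 * allocation, and it counted with a u8 that can never reach a limit of 256,
 * so the loop would not terminate for the largest length values. The length
 * is now clamped to what fits after the prefix, the closing ')' and the NUL
 * terminator; a longer IE is reported truncated.
 *
 * NOTE(review): sec_ie[1] is trusted as the length of the caller's buffer;
 * this function cannot check that sec_ie really holds sec_ie[1] + 2 bytes.
 * If the IE originates from a received frame, the caller must have validated
 * it -- confirm.
 */
void r8712_report_sec_ie(struct _adapter *adapter, u8 authmode, u8 *sec_ie)
{
	static const char prefix[] = "ASSOCINFO(ReqIEs=";
	/* IE bytes that fit: total - prefix - ')' - NUL, two chars per byte */
	const uint max_ie_bytes =
		(IW_CUSTOM_MAX - (sizeof(prefix) - 1) - 2) / 2;
	uint len, i;
	u8 *buff, *p;
	union iwreq_data wrqu;

	if (authmode != _WPA_IE_ID_ || sec_ie == NULL)
		return;

	buff = _malloc(IW_CUSTOM_MAX);
	if (buff == NULL)
		return;
	memset(buff, 0, IW_CUSTOM_MAX);

	p = buff;
	p += sprintf(p, "%s", prefix);

	len = sec_ie[1] + 2;	/* id byte + length byte + payload */
	if (len > max_ie_bytes)
		len = max_ie_bytes;
	for (i = 0; i < len; i++)
		p += sprintf(p, "%02x", sec_ie[i]);
	p += sprintf(p, ")");

	memset(&wrqu, 0, sizeof(wrqu));
	/* The clamp above keeps p - buff below IW_CUSTOM_MAX. */
	wrqu.data.length = p - buff;
	wireless_send_event(adapter->pnetdev, IWEVCUSTOM, &wrqu, buff);
	kfree(buff);
}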