diff --git a/src/cmdu_validate.c b/src/cmdu_validate.c
index 4306f544d1365e686c3912023f284475a69dac2d..671bc4639bdfb0fa4cdc1db18625cb7b7c9ffb81 100644
--- a/src/cmdu_validate.c
+++ b/src/cmdu_validate.c
@@ -105,7 +105,7 @@ static int check_searched_service_tlv(struct tlv *t)
return check_service_tlv(t);
}
-bool validate_channel_scan_report(struct cmdu_buff *cmdu, struct tlv *tv_tsp[][16],
+bool validate_channel_scan_report(struct cmdu_buff *cmdu, struct tlv *tv_tsp[][TLV_MAXNUM],
struct tlv *tv_scan[], int *num)
{
int i, j;
@@ -239,7 +239,7 @@ bool validate_channel_scan_report(struct cmdu_buff *cmdu, struct tlv *tv_tsp[][1
return true;
}
-bool validate_topology_response(struct cmdu_buff *cmdu, struct tlv *tv[][16])
+bool validate_topology_response(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM])
{
trace("%s: --->\n", __func__);
@@ -425,7 +425,7 @@ bool validate_topology_response(struct cmdu_buff *cmdu, struct tlv *tv[][16])
#ifdef EASYMESH_VENDOR_EXT
/* TLV_TYPE_VENDOR_SPECIFIC */
- while (tv[10][num]) {
+ while (num < TLV_MAXNUM && tv[10][num]) {
uint16_t tlv_len = 0;
struct tlv_vendor_bbss *tlv;
int i, offset = 0;
@@ -597,7 +597,7 @@ static int check_ap_radio_basic_cap_tlv(struct tlv *t)
return 0;
}
-bool validate_ap_autoconfig_wsc(struct cmdu_buff *cmdu, struct tlv *tv[][16])
+bool validate_ap_autoconfig_wsc(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM])
{
struct tlv_policy a_policy[] = {
[0] = { .type = MAP_TLV_AP_RADIO_BASIC_CAPABILITIES,
@@ -660,7 +660,7 @@ bool validate_ap_autoconfig_wsc(struct cmdu_buff *cmdu, struct tlv *tv[][16])
* 4: SearchedService TLV
* 5: MultiAP Profile TLV
**/
-bool validate_ap_autoconfig_search(struct cmdu_buff *cmdu, struct tlv *tv[][16])
+bool validate_ap_autoconfig_search(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM])
{
struct tlv_policy a_policy[] = {
[0] = { .type = TLV_TYPE_AL_MAC_ADDRESS_TYPE,
@@ -717,7 +717,7 @@ bool validate_ap_autoconfig_search(struct cmdu_buff *cmdu, struct tlv *tv[][16])
* 2: SupportedService TLV
* 3: MultiAP Profile TLV
**/
-bool validate_ap_autoconfig_response(struct cmdu_buff *cmdu, struct tlv *tv[][16])
+bool validate_ap_autoconfig_response(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM])
{
struct tlv_policy a_policy[] = {
[0] = { .type = TLV_TYPE_SUPPORTED_ROLE,
diff --git a/src/cmdu_validate.h b/src/cmdu_validate.h
index d173b6da23adc01da9ce8db44fabe4cd31cd22f4..069fedb4e2a1c92c33ca71c7eeee4efe70ae8a64 100644
--- a/src/cmdu_validate.h
+++ b/src/cmdu_validate.h
@@ -3,11 +3,11 @@
#ifndef CMDU_VALIDATE
#define CMDU_VALIDATE
-bool validate_channel_scan_report(struct cmdu_buff *cmdu, struct tlv *tv_tsp[][16],
+bool validate_channel_scan_report(struct cmdu_buff *cmdu, struct tlv *tv_tsp[][TLV_MAXNUM],
struct tlv *tv_scan[], int *num);
-bool validate_topology_response(struct cmdu_buff *cmdu, struct tlv *tv_tsp[][16]);
-bool validate_ap_autoconfig_wsc(struct cmdu_buff *cmdu, struct tlv *tv[][16]);
-bool validate_ap_autoconfig_search(struct cmdu_buff *cmdu, struct tlv *tv[][16]);
-bool validate_ap_autoconfig_response(struct cmdu_buff *cmdu, struct tlv *tv[][16]);
+bool validate_topology_response(struct cmdu_buff *cmdu, struct tlv *tv_tsp[][TLV_MAXNUM]);
+bool validate_ap_autoconfig_wsc(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM]);
+bool validate_ap_autoconfig_search(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM]);
+bool validate_ap_autoconfig_response(struct cmdu_buff *cmdu, struct tlv *tv[][TLV_MAXNUM]);
#endif // CMDU_VALIDATE
diff --git a/src/cntlr.c b/src/cntlr.c
index f038a2e40feaaa36e6093a00f476950589d4083e..a210985e0003653ab8fcbd49205ce4196f1b8fdd 100644
--- a/src/cntlr.c
+++ b/src/cntlr.c
@@ -2044,7 +2044,7 @@ int handle_link_metrics_response(struct controller *c, struct cmdu_buff *cstruct
[0] = { .type = TLV_TYPE_TRANSMITTER_LINK_METRIC, .present = TLV_PRESENT_MORE},
[1] = { .type = TLV_TYPE_RECEIVER_LINK_METRIC, .present = TLV_PRESENT_MORE},
};
- struct tlv *tv[2][16];
+ struct tlv *tv[2][TLV_MAXNUM] = {0};
int num = 0;
int ret;
@@ -2059,7 +2059,7 @@ int handle_link_metrics_response(struct controller *c, struct cmdu_buff *cstruct
cmdu_parse_tlvs(cstruct, tv, a_policy, 2);
/* Storing 1905 Link Metrics TLV */
- while (tv[0][num]) {
+ while (num < TLV_MAXNUM && tv[0][num]) {
struct tlv_tx_linkmetric *txl =
(struct tlv_tx_linkmetric *)tv[0][num]->data;
@@ -2078,7 +2078,7 @@ int handle_link_metrics_response(struct controller *c, struct cmdu_buff *cstruct
}
num = 0;
- while (tv[1][num]) {
+ while (num < TLV_MAXNUM && tv[1][num]) {
struct tlv_rx_linkmetric *rxl =
(struct tlv_rx_linkmetric *)tv[1][num]->data;
diff --git a/src/cntlr_map.c b/src/cntlr_map.c
index 02676970f57258c8fcbdb4f2431587f393ad02e3..64710dd723a7e39aade9ddf819f812f1c254ff50 100644
--- a/src/cntlr_map.c
+++ b/src/cntlr_map.c
@@ -119,7 +119,7 @@ int handle_topology_response(void *cntlr, struct cmdu_buff *cmdu)
trace("%s: --->\n", __func__);
struct controller *c = (struct controller *) cntlr;
- struct tlv *tv[11][16] = {0};
+ struct tlv *tv[11][TLV_MAXNUM] = {0};
struct node *n;
#ifdef EASYMESH_VENDOR_EXT
int num = 0;
@@ -196,7 +196,7 @@ int handle_topology_response(void *cntlr, struct cmdu_buff *cmdu)
}
#ifdef EASYMESH_VENDOR_EXT
/* vendor tlv containing backhaul interfaces only */
- while (tv[10][num]) {
+ while (num < TLV_MAXNUM && tv[10][num]) {
struct tlv_vendor_bbss *tlv;
int i, offset = 0;
uint8_t oui2[3]; /* TODO: use the same vendor oui-type */
@@ -663,7 +663,7 @@ int handle_ap_autoconfig_search(void *cntlr, struct cmdu_buff *rx_cmdu)
struct tlv_autoconfig_band *freq;
struct cmdu_buff *cmdu;
uint8_t aladdr_origin[6] = {0};
- struct tlv *tv[6][16] = {0};
+ struct tlv *tv[6][TLV_MAXNUM] = {0};
int ret = 0;
char freq_band[8] = {0};
@@ -732,7 +732,7 @@ int handle_ap_autoconfig_response(void *cntlr, struct cmdu_buff *rx_cmdu)
trace("%s: --->\n", __func__);
struct controller *c = (struct controller *) cntlr;
bool has_cntlr = false;
- struct tlv *tv[4][16] = {0};
+ struct tlv *tv[4][TLV_MAXNUM] = {0};
if (!validate_ap_autoconfig_response(rx_cmdu, tv)) {
dbg("cmdu validation: [AP_AUTOCONFIG_RESPONSE] failed\n");
@@ -809,7 +809,7 @@ int handle_ap_autoconfig_wsc(void *cntlr, struct cmdu_buff *rx_cmdu)
struct controller *c = (struct controller *) cntlr;
struct cmdu_buff *cmdu;
- struct tlv *tv[4][16] = {0};
+ struct tlv *tv[4][TLV_MAXNUM] = {0};
struct tlv_ap_radio_basic_cap *ap_caps;
uint8_t wildcard[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
struct node_policy *np;
@@ -867,7 +867,7 @@ int handle_ap_caps_report(void *cntlr, struct cmdu_buff *cmdu)
int i = 0;
int offset = 0;
struct controller *c = (struct controller *) cntlr;
- struct tlv *tv[9][16];
+ struct tlv *tv[9][TLV_MAXNUM] = {0};
struct tlv_policy d_policy[] = {
[0] = {
.type = MAP_TLV_AP_CAPABILITY,
@@ -925,7 +925,7 @@ int handle_ap_caps_report(void *cntlr, struct cmdu_buff *cmdu)
index = 0;
/* Parse AP Radio Basic Capabilities TLV */
- while (tv[1][index] && (index < 16)) {
+ while (index < TLV_MAXNUM && tv[1][index]) {
struct netif_radio *r;
uint8_t *tv_data = (uint8_t *)tv[1][index++]->data;
struct tlv_ap_radio_basic_cap *p =
@@ -972,7 +972,7 @@ int handle_channel_pref_report(void *cntlr, struct cmdu_buff *cmdu)
[2] = { .type = MAP_TLV_CAC_COMPLETION_REPORT, .present = TLV_PRESENT_MORE },
[3] = { .type = MAP_TLV_CAC_STATUS_REPORT, .present = TLV_PRESENT_ONE },
};
- struct tlv *tv[ARRAY_SIZE(pref_policy)][16] = { 0 };
+ struct tlv *tv[ARRAY_SIZE(pref_policy)][TLV_MAXNUM] = { 0 };
struct netif_radio *radio;
struct node *node;
@@ -984,7 +984,7 @@ int handle_channel_pref_report(void *cntlr, struct cmdu_buff *cmdu)
cmdu_parse_tlvs(cmdu, tv, pref_policy, 4);
idx = 0;
- while (tv[0][idx]) {
+ while (idx < TLV_MAXNUM && tv[0][idx]) {
struct tlv *t = (struct tlv *)tv[0][idx++];
uint8_t mac[6] = { 0 };
int num_opclass;
@@ -1036,7 +1036,7 @@ int handle_channel_sel_response(void *cntlr, struct cmdu_buff *cmdu)
int handle_oper_channel_report(void *cntlr, struct cmdu_buff *cmdu)
{
int idx = 0;
- struct tlv *tv[1][16];
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct tlv_policy op_policy[] = {
[0] = { .type = MAP_TLV_OPERATING_CHANNEL_REPORT, .present = TLV_PRESENT_MORE }
};
@@ -1051,7 +1051,7 @@ int handle_oper_channel_report(void *cntlr, struct cmdu_buff *cmdu)
cmdu_parse_tlvs(cmdu, tv, op_policy, 1);
- while (tv[0][idx]) {
+ while (idx < TLV_MAXNUM && tv[0][idx]) {
int i;
int offset = 0;
uint8_t mac[6] = {0};
@@ -1111,7 +1111,7 @@ int handle_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
struct netif_iface *ifc;
struct bss_metrics *a;
//struct link_metrics *link;
- struct tlv *tv[6][16] = { 0 };
+ struct tlv *tv[6][TLV_MAXNUM] = { 0 };
struct tlv_policy metric_policy[] = {
[0] = { .type = MAP_TLV_AP_METRICS, .present = TLV_PRESENT_MORE },
[1] = { .type = MAP_TLV_ASSOCIATED_STA_TRAFFIC_STATS, .present = TLV_PRESENT_OPTIONAL_MORE },
@@ -1134,7 +1134,7 @@ int handle_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
/* Storing AP Metrics TLV */
idx = 0;
- while (tv[0][idx]) {
+ while (idx < TLV_MAXNUM && tv[0][idx]) {
p = (struct tlv_ap_metrics *) tv[0][idx++]->data;
if (!p)
continue;
@@ -1450,7 +1450,7 @@ int handle_sta_link_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
int i;
int offset = 0;
struct controller *c = (struct controller *) cntlr;
- struct tlv *tv[3][16] = { 0 };
+ struct tlv *tv[3][TLV_MAXNUM] = { 0 };
struct node *n;
struct tlv_policy sta_policy[] = {
[0] = { .type = MAP_TLV_ASSOCIATED_STA_LINK_METRICS, .present = TLV_PRESENT_MORE },
@@ -1672,7 +1672,7 @@ int handle_unassoc_sta_link_metrics_response(void *cntlr,
struct tlv_policy a_policy[] = {
[0] = { .type = MAP_TLV_UNASSOCIATED_STA_LINK_METRICS_RESPONSE, .present = TLV_PRESENT_ONE },
};
- struct tlv *tv[1][16] = {0};
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
int i = 0;
int ret = 0;
@@ -1749,7 +1749,7 @@ int handle_beacon_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
[0] = { .type = MAP_TLV_BEACON_METRICS_RESPONSE, .present = TLV_PRESENT_ONE },
};
struct tlv_beacon_metrics_resp *resp;
- struct tlv *tv[1][16] = {0};
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
uint8_t *ppos;
struct sta *s;
struct bcnreq *br;
@@ -1908,7 +1908,7 @@ int handle_sta_steer_btm_report(void *cntlr, struct cmdu_buff *cmdu)
[0] = { .type = MAP_TLV_STEERING_BTM_REPORT, .present = TLV_PRESENT_ONE },
};
struct tlv_steer_btm_report *resp;
- struct tlv *tv[1][16] = {0};
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct sta *s;
struct steer_attempt *attempt;
char ev_data[512] = {0};
@@ -2127,7 +2127,7 @@ int handle_channel_scan_report(void *cntlr, struct cmdu_buff *cmdu)
uint16_t num_neightbor;
uint8_t bw_len;
uint8_t *tv_data = NULL;
- struct tlv *tv_tsp[1][16];
+ struct tlv *tv_tsp[1][TLV_MAXNUM] = {0};
struct tlv *tv_scan[256];
char timestamp[TIMESTAMP_MAX_LEN] = {0};
struct tlv_timestamp *p = NULL;
@@ -2242,7 +2242,7 @@ int handle_tunneled_message(void *cntlr, struct cmdu_buff *cmdu)
int handle_backhaul_sta_caps_report(void *cntlr, struct cmdu_buff *cmdu)
{
uint8_t *tv_data;
- struct tlv *tv[1][16];
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct tlv_policy d_policy[] = {
[0] = { .type = MAP_TLV_BACKHAUL_STA_RADIO_CAPABILITY, .present = TLV_PRESENT_NUM }
};
@@ -2261,7 +2261,7 @@ int handle_backhaul_sta_caps_report(void *cntlr, struct cmdu_buff *cmdu)
return -1;
}
- while (tv[0][num]) {
+ while (num < TLV_MAXNUM && tv[0][num]) {
struct netif_radio *r;
struct tlv_bsta_radio_cap *p;
diff --git a/src/cntlr_map_debug.c b/src/cntlr_map_debug.c
index 2bde161dae37fcf61a90748e5a83985de830127b..b8c151c0ef35726762b559ad68d8904a58c04b7b 100644
--- a/src/cntlr_map_debug.c
+++ b/src/cntlr_map_debug.c
@@ -51,7 +51,7 @@ int debug_topology_response(void *cntlr, struct cmdu_buff *cmdu)
trace("%s: --->\n", __func__);
/* TODO: TODO: debug base TLVs */
- struct tlv *tv[11][16] = {0};
+ struct tlv *tv[11][TLV_MAXNUM] = {0};
if (!validate_topology_response(cmdu, tv)) {
dbg("cmdu validation: [TOPOLOGY_RESPONSE] failed\n");
@@ -189,7 +189,7 @@ int debug_1905_ack(void *cntlr, struct cmdu_buff *cmdu)
[0] = { .type = MAP_TLV_ERROR_CODE,
.present = TLV_PRESENT_MORE },
};
- struct tlv *tv[1][16] = {0};
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
cmdu_parse_tlvs(cmdu, tv, a_policy, 1);
@@ -198,7 +198,7 @@ int debug_1905_ack(void *cntlr, struct cmdu_buff *cmdu)
idx = 0;
dbg("%s %d\n", __func__, __LINE__);
- while (tv[0][idx]) {
+ while (idx < TLV_MAXNUM && tv[0][idx]) {
struct tlv_error_code *data;
dbg("%s %d\n", __func__, __LINE__);
struct tlv *t = (struct tlv *)tv[0][idx++];
@@ -220,7 +220,7 @@ int debug_ap_caps_report(void *cntlr, struct cmdu_buff *cmdu)
int i, j;
int index = 0;
int offset = 0;
- struct tlv *tv[9][16];
+ struct tlv *tv[9][TLV_MAXNUM] = {0};
struct tlv_policy d_policy[] = {
[0] = {
.type = MAP_TLV_AP_CAPABILITY,
@@ -274,7 +274,7 @@ int debug_ap_caps_report(void *cntlr, struct cmdu_buff *cmdu)
index = 0;
/* Parse AP Radio Basic Capabilities TLV */
- while (tv[1][index] && (index < 16)) {
+ while (index < TLV_MAXNUM && tv[1][index]) {
uint8_t *tv_data = (uint8_t *)tv[1][index++]->data;
struct tlv_ap_radio_basic_cap *p =
(struct tlv_ap_radio_basic_cap *)tv_data;
@@ -302,7 +302,7 @@ int debug_ap_caps_report(void *cntlr, struct cmdu_buff *cmdu)
index = 0;
/* Parse AP HT Capabilities TLV */
- while (tv[2][index] && (index < 16)) {
+ while (index < TLV_MAXNUM && tv[2][index]) {
struct tlv_ap_ht_cap *p =
(struct tlv_ap_ht_cap *)tv[2][index++]->data;
trace("\nTLV type: MAP_TLV_AP_HT_CAPABILITIES\n");
@@ -313,7 +313,7 @@ int debug_ap_caps_report(void *cntlr, struct cmdu_buff *cmdu)
index = 0;
/* AP VHT Capabilities TLV */
- while (tv[3][index] && (index < 16)) {
+ while (index < TLV_MAXNUM && tv[3][index]) {
struct tlv_ap_vht_cap *p =
(struct tlv_ap_vht_cap *)tv[3][index++]->data;
@@ -328,7 +328,7 @@ int debug_ap_caps_report(void *cntlr, struct cmdu_buff *cmdu)
index = 0;
/* Parse AP HE Capabilities TLV */
- while (tv[4][index] && (index < 16)) {
+ while (index < TLV_MAXNUM && tv[4][index]) {
uint8_t *tv_data = (uint8_t *)tv[4][index++]->data;
struct tlv_ap_he_cap *p =
(struct tlv_ap_he_cap *)tv_data;
@@ -421,7 +421,7 @@ int debug_channel_pref_report(void *cntlr, struct cmdu_buff *cmdu)
{
int idx, offset = 0;
int i, j;
- struct tlv *tv[4][16] = { 0 };
+ struct tlv *tv[4][TLV_MAXNUM] = { 0 };
struct tlv_policy pref_policy[] = {
[0] = { .type = MAP_TLV_CHANNEL_PREFERENCE, .present = TLV_PRESENT_MORE },
[1] = { .type = MAP_TLV_RADIO_OPERATION_RESTRICTION, .present = TLV_PRESENT_MORE },
@@ -436,7 +436,7 @@ int debug_channel_pref_report(void *cntlr, struct cmdu_buff *cmdu)
cmdu_parse_tlvs(cmdu, tv, pref_policy, 4);
idx = 0;
- while (tv[0][idx]) {
+ while (idx < TLV_MAXNUM && tv[0][idx]) {
int num_opclass;
uint8_t mac[6] = { 0 };
struct tlv *t = (struct tlv *)tv[0][idx++];
@@ -468,7 +468,7 @@ int debug_channel_pref_report(void *cntlr, struct cmdu_buff *cmdu)
}
idx = 0;
- while (tv[1][idx]) {
+ while (idx < TLV_MAXNUM && tv[1][idx]) {
uint8_t mac[6] = { 0 };
int num_opclass;
struct tlv *t = (struct tlv *)tv[1][idx++];
@@ -568,7 +568,7 @@ int debug_channel_sel_response(void *cntlr, struct cmdu_buff *cmdu)
MAC2STR(cmdu->origin));
int idx;
- struct tlv *tv[1][16];
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct tlv_policy channel_policy[] = {
[0] = { .type = MAP_TLV_CHANNEL_SELECTION_RESPONSE, .present = TLV_PRESENT_MORE }
};
@@ -576,7 +576,7 @@ int debug_channel_sel_response(void *cntlr, struct cmdu_buff *cmdu)
cmdu_parse_tlvs(cmdu, tv, channel_policy, 1);
idx = 0;
- while (tv[0][idx]) {
+ while (idx < TLV_MAXNUM && tv[0][idx]) {
struct tlv_channel_selection_resp *p =
(struct tlv_channel_selection_resp *)tv[0][idx++]->data;
@@ -594,7 +594,7 @@ int debug_oper_channel_report(void *cntlr, struct cmdu_buff *cmdu)
MAC2STR(cmdu->origin));
int idx;
- struct tlv *tv[1][16];
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct tlv_policy op_policy[] = {
[0] = { .type = MAP_TLV_OPERATING_CHANNEL_REPORT, .present = TLV_PRESENT_MORE }
};
@@ -602,7 +602,7 @@ int debug_oper_channel_report(void *cntlr, struct cmdu_buff *cmdu)
cmdu_parse_tlvs(cmdu, tv, op_policy, 1);
idx= 0;
- while (tv[0][idx]) {
+ while (idx < TLV_MAXNUM && tv[0][idx]) {
int i, num_opclass;
int offset = 0;
uint8_t mac[6] = {0};
@@ -627,7 +627,7 @@ int debug_oper_channel_report(void *cntlr, struct cmdu_buff *cmdu)
int debug_sta_caps_report(void *cntlr, struct cmdu_buff *cmdu)
{
- struct tlv *tv[3][16];
+ struct tlv *tv[3][TLV_MAXNUM] = {0};
struct tlv_policy sta_policy[] = {
[0] = { .type = MAP_TLV_CLIENT_INFO, .present = TLV_PRESENT_ONE },
[1] = { .type = MAP_TLV_CLIENT_CAPABILITY_REPORT, .present = TLV_PRESENT_ONE },
@@ -685,7 +685,7 @@ int debug_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
{
int i;
int offset, idx = 0;
- struct tlv *tv[6][16] = { 0 };
+ struct tlv *tv[6][TLV_MAXNUM] = { 0 };
struct tlv_policy metric_policy[] = {
[0] = { .type = MAP_TLV_AP_METRICS, .present = TLV_PRESENT_MORE },
[1] = { .type = MAP_TLV_ASSOCIATED_STA_TRAFFIC_STATS, .present = TLV_PRESENT_OPTIONAL_MORE },
@@ -702,7 +702,7 @@ int debug_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
cmdu_parse_tlvs(cmdu, tv, metric_policy, 6);
idx = 0;
- while (tv[0][idx]) {
+ while (idx < TLV_MAXNUM && tv[0][idx]) {
size_t out_len;
int index = 0;
unsigned char est_str[16];
@@ -742,7 +742,7 @@ int debug_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
}
idx = 0;
- while (tv[1][idx]) {
+ while (idx < TLV_MAXNUM && tv[1][idx]) {
struct tlv_assoc_sta_traffic_stats *p =
(struct tlv_assoc_sta_traffic_stats *) tv[1][idx++]->data;
@@ -758,7 +758,7 @@ int debug_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
}
idx = 0;
- while (tv[2][idx]) {
+ while (idx < TLV_MAXNUM && tv[2][idx]) {
uint8_t *tv_data = (uint8_t *)tv[2][idx++]->data;
struct tlv_assoc_sta_link_metrics *p =
(struct tlv_assoc_sta_link_metrics *)tv_data;
@@ -784,7 +784,7 @@ int debug_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
}
idx = 0;
- while (tv[3][idx]) {
+ while (idx < TLV_MAXNUM && tv[3][idx]) {
struct tlv_ap_ext_metrics *p =
(struct tlv_ap_ext_metrics *) tv[3][idx++]->data;
@@ -799,7 +799,7 @@ int debug_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
}
idx = 0;
- while (tv[4][idx]) {
+ while (idx < TLV_MAXNUM && tv[4][idx]) {
struct tlv_radio_metrics *p =
(struct tlv_radio_metrics *) tv[4][idx++]->data;
@@ -812,7 +812,7 @@ int debug_ap_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
}
idx = 0;
- while (tv[5][idx]) {
+ while (idx < TLV_MAXNUM && tv[5][idx]) {
uint8_t *tv_data = (uint8_t *)tv[5][idx++]->data;
struct tlv_sta_ext_link_metric *p =
(struct tlv_sta_ext_link_metric *)tv_data;
@@ -846,7 +846,7 @@ int debug_sta_link_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
{
int i;
int offset = 0;
- struct tlv *tv[3][16] = { 0 };
+ struct tlv *tv[3][TLV_MAXNUM] = { 0 };
struct tlv_policy sta_policy[] = {
[0] = { .type = MAP_TLV_ASSOCIATED_STA_LINK_METRICS, .present = TLV_PRESENT_MORE },
[1] = { .type = MAP_TLV_ERROR_CODE, .present = TLV_PRESENT_MORE },
@@ -924,7 +924,7 @@ int debug_unassoc_sta_link_metrics_response(void *cntlr,
int i;
int offset = 0;
- struct tlv *tv[1][16];
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct tlv_policy sta_policy[] = {
[0] = { .type = MAP_TLV_UNASSOCIATED_STA_LINK_METRICS_RESPONSE, .present = TLV_PRESENT_ONE },
};
@@ -964,7 +964,7 @@ int debug_beacon_metrics_response(void *cntlr, struct cmdu_buff *cmdu)
struct tlv_policy a_policy[] = {
[0] = { .type = MAP_TLV_BEACON_METRICS_RESPONSE, .present = TLV_PRESENT_ONE },
};
- struct tlv *tv[1][16] = {0};
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
int ret = 0;
trace("%s: --->\n", __func__);
@@ -1028,7 +1028,7 @@ int debug_sta_steer_btm_report(void *cntlr, struct cmdu_buff *cmdu)
trace("parsing steer btm report of |:" MACFMT "|\n",
MAC2STR(cmdu->origin));
- struct tlv *tv[1][16];
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct tlv_policy steer_policy[] = {
[0] = { .type = MAP_TLV_STEERING_BTM_REPORT, .present = TLV_PRESENT_ONE }
};
@@ -1190,7 +1190,7 @@ int debug_sta_disassoc_stats(void *cntlr, struct cmdu_buff *cmdu)
{
trace("%s: --->\n", __func__);
- struct tlv *tv[3][16];
+ struct tlv *tv[3][TLV_MAXNUM] = {0};
struct tlv_policy disassoc_policy[] = {
[0] = { .type = MAP_TLV_STA_MAC_ADDRESS, .present = TLV_PRESENT_ONE },
[1] = { .type = MAP_TLV_REASON_CODE, .present = TLV_PRESENT_ONE },
@@ -1236,7 +1236,7 @@ int debug_assoc_status_notification(void *cntlr, struct cmdu_buff *cmdu)
uint8_t *p;
int i, num_bss;
int offset = 0;
- struct tlv *tv[1][16];
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct tlv_policy assoc_policy[] = {
[0] = { .type = MAP_TLV_ASSOCIATION_STATUS_NOTIF, .present = TLV_PRESENT_ONE }
};
@@ -1261,7 +1261,7 @@ int debug_assoc_status_notification(void *cntlr, struct cmdu_buff *cmdu)
int debug_tunneled_message(void *cntlr, struct cmdu_buff *cmdu)
{
- struct tlv *tv[3][16] = { 0 };
+ struct tlv *tv[3][TLV_MAXNUM] = { 0 };
struct tlv_policy tunnel_policy[] = {
[0] = { .type = MAP_TLV_SOURCE_INFO, .present = TLV_PRESENT_ONE },
[1] = { .type = MAP_TLV_TUNNELED_MSG_TYPE, .present = TLV_PRESENT_ONE },
@@ -1316,7 +1316,7 @@ int debug_backhaul_sta_caps_report(void *cntlr, struct cmdu_buff *cmdu)
{
trace("%s: --->\n", __func__);
uint8_t *tv_data;
- struct tlv *tv[1][16];
+ struct tlv *tv[1][TLV_MAXNUM] = {0};
struct tlv_policy d_policy[] = {
[0] = { .type = MAP_TLV_BACKHAUL_STA_RADIO_CAPABILITY, .present = TLV_PRESENT_NUM }
};
@@ -1329,7 +1329,7 @@ int debug_backhaul_sta_caps_report(void *cntlr, struct cmdu_buff *cmdu)
return -1;
}
- while (tv[0][num]) {
+ while (num < TLV_MAXNUM && tv[0][num]) {
if (tv[0][num]->type != MAP_TLV_BACKHAUL_STA_RADIO_CAPABILITY) {
dbg("Wrong received TLV type!\n");
return -1;