diff options
| author | David S. Miller <davem@davemloft.net> | 2012-10-31 14:59:01 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-10-31 14:59:12 -0400 |
| commit | aff9c78618295b265add4967d1eff0bc78490d9d (patch) | |
| tree | 34e634ca3c4880040d77203714406c996a8f93e5 /net/wireless/util.c | |
| parent | f8450bbe8c7e94b7ef83e74d270d48e057173ed0 (diff) | |
| parent | 06272911485850b4a336122958c50af0f8ea7c13 (diff) | |
| download | op-kernel-dev-aff9c78618295b265add4967d1eff0bc78490d9d.zip op-kernel-dev-aff9c78618295b265add4967d1eff0bc78490d9d.tar.gz | |
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville says:
====================
This is a batch of fixes intended for 3.7...
The biggest portion of this is a pull request from Johannes Berg:
"Please pull my mac80211.git tree per below to get a number of fixes. I
have included a patch from Antonio to fix a memcpy overrun, Felix's
patches for the antenna gain/tx power issues, a few mesh-related fixes
from Javier for mac80211 and my own patches to not access data that
might not be present in an skb at all as well as a patch (the duplicate
IE check one) to make mac80211 forward-compatible with potential future
spec extensions that use the same IE multiple times.
It's a bit bigger than I'd like maybe, but I think all of these are
worthwhile fixes at this point."
In addition...
Felix Fietkau fixes an ath9k use-after-free issue.
Stanislaw Gruszka adds a valid value check to rt2800.
Sven Eckelmann adds a check to only check a TID value in a BlockAck, for
frames that could be either a BlockAck or a normal Ack.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/wireless/util.c')
| -rw-r--r-- | net/wireless/util.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/net/wireless/util.c b/net/wireless/util.c index ef35f4e..2762e83 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -309,23 +309,21 @@ unsigned int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb) } EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); -static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) +unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) { int ae = meshhdr->flags & MESH_FLAGS_AE; - /* 7.1.3.5a.2 */ + /* 802.11-2012, 8.2.4.7.3 */ switch (ae) { + default: case 0: return 6; case MESH_FLAGS_AE_A4: return 12; case MESH_FLAGS_AE_A5_A6: return 18; - case (MESH_FLAGS_AE_A4 | MESH_FLAGS_AE_A5_A6): - return 24; - default: - return 6; } } +EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen); int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr, enum nl80211_iftype iftype) @@ -373,6 +371,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr, /* make sure meshdr->flags is on the linear part */ if (!pskb_may_pull(skb, hdrlen + 1)) return -1; + if (meshdr->flags & MESH_FLAGS_AE_A4) + return -1; if (meshdr->flags & MESH_FLAGS_AE_A5_A6) { skb_copy_bits(skb, hdrlen + offsetof(struct ieee80211s_hdr, eaddr1), @@ -397,6 +397,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr, /* make sure meshdr->flags is on the linear part */ if (!pskb_may_pull(skb, hdrlen + 1)) return -1; + if (meshdr->flags & MESH_FLAGS_AE_A5_A6) + return -1; if (meshdr->flags & MESH_FLAGS_AE_A4) skb_copy_bits(skb, hdrlen + offsetof(struct ieee80211s_hdr, eaddr1), |
