hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

wireless: drop invalid mesh address extension frames 

The mesh header can have address extension by a 4th
or a 5th and 6th address, but never both. Drop such
frames in 802.11 -> 802.3 conversion along with any
frames that have the wrong extension.

Cc: stable@vger.kernel.org
Reviewed-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Johannes Berg 2012-10-25 21:51:59 +02:00
parent badecb001a
commit 7dd111e8ee
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
net/wireless/util.c
View File

@ -312,18 +312,15 @@ EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr)
{ {
int ae = meshhdr->flags & MESH_FLAGS_AE; int ae = meshhdr->flags & MESH_FLAGS_AE;
/* 7.1.3.5a.2 */ /* 802.11-2012, 8.2.4.7.3 */
switch (ae) { switch (ae) {
default:
case 0: case 0:
return 6; return 6;
case MESH_FLAGS_AE_A4: case MESH_FLAGS_AE_A4:
return 12; return 12;
case MESH_FLAGS_AE_A5_A6: case MESH_FLAGS_AE_A5_A6:
return 18; return 18;
case (MESH_FLAGS_AE_A4 | MESH_FLAGS_AE_A5_A6):
return 24;
default:
return 6;
} }
} }
@ -373,6 +370,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
/* make sure meshdr->flags is on the linear part */ /* make sure meshdr->flags is on the linear part */
if (!pskb_may_pull(skb, hdrlen + 1)) if (!pskb_may_pull(skb, hdrlen + 1))
return -1; return -1;
if (meshdr->flags & MESH_FLAGS_AE_A4)
return -1;
if (meshdr->flags & MESH_FLAGS_AE_A5_A6) { if (meshdr->flags & MESH_FLAGS_AE_A5_A6) {
skb_copy_bits(skb, hdrlen + skb_copy_bits(skb, hdrlen +
offsetof(struct ieee80211s_hdr, eaddr1), offsetof(struct ieee80211s_hdr, eaddr1),
@ -397,6 +396,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
/* make sure meshdr->flags is on the linear part */ /* make sure meshdr->flags is on the linear part */
if (!pskb_may_pull(skb, hdrlen + 1)) if (!pskb_may_pull(skb, hdrlen + 1))
return -1; return -1;
if (meshdr->flags & MESH_FLAGS_AE_A5_A6)
return -1;
if (meshdr->flags & MESH_FLAGS_AE_A4) if (meshdr->flags & MESH_FLAGS_AE_A4)
skb_copy_bits(skb, hdrlen + skb_copy_bits(skb, hdrlen +
offsetof(struct ieee80211s_hdr, eaddr1), offsetof(struct ieee80211s_hdr, eaddr1),