diff options
| author | Johannes Berg <johannes@sipsolutions.net> | 2008-09-08 15:41:59 +0200 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2008-09-11 15:53:35 -0400 |
| commit | 9c80d3dc272ec5ce44a7564e5392f950ad38357a (patch) | |
| tree | 43b8e45567c790212581b117e9d06ae5f5fd975b /net/mac80211/mesh_plink.c | |
| parent | 5bda617576e58c7213aef5ab90383f303727b5b1 (diff) | |
| download | kernel_samsung_smdk4412-9c80d3dc272ec5ce44a7564e5392f950ad38357a.zip kernel_samsung_smdk4412-9c80d3dc272ec5ce44a7564e5392f950ad38357a.tar.gz kernel_samsung_smdk4412-9c80d3dc272ec5ce44a7564e5392f950ad38357a.tar.bz2 | |
mac80211: fix action frame length checks
The action frame length checks are one too small, there's not just
an action code as the comment makes you believe, there's a category
code too, and the category code is required in each action frame
(hence part of IEEE80211_MIN_ACTION_SIZE).
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/mesh_plink.c')
| -rw-r--r-- | net/mac80211/mesh_plink.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c index 7714b0e..74983cf 100644 --- a/net/mac80211/mesh_plink.c +++ b/net/mac80211/mesh_plink.c @@ -421,6 +421,10 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m DECLARE_MAC_BUF(mac); #endif + /* need action_code, aux */ + if (len < IEEE80211_MIN_ACTION_SIZE + 3) + return; + if (is_multicast_ether_addr(mgmt->da)) { mpl_dbg("Mesh plink: ignore frame from multicast address"); return; |