diff options
| author | Alexander Aring <aar@pengutronix.de> | 2016-02-19 03:59:11 -0500 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2016-02-23 14:29:39 -0500 |
| commit | 07b0188adf7298bf80a9890d3e90f27e973623d3 (patch) | |
| tree | 52b9db9f285661fff1a2642f208d781a6bd5b63c | |
| parent | aff3eaa03dc30d7f1ea07ab5931cd61a657c5974 (diff) | |
mac802154: fix mac header length check
I got report about that sometimes the WARN_ON occurs there which should
never happen. I came to the conclusion that the mac header is there but
inside the headroom of skb. The skb->len information doesn't contain the
information about the headroom length and skb->len is lesser than two.
We check now if the skb_mac_header pointer is set and the room between
mac header pointer and tail pointer.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
| -rw-r--r-- | include/net/mac802154.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/include/net/mac802154.h b/include/net/mac802154.h index da574bbdc333..2e3cdd2048d2 100644 --- a/include/net/mac802154.h +++ b/include/net/mac802154.h | |||
| @@ -247,8 +247,9 @@ struct ieee802154_ops { | |||
| 247 | */ | 247 | */ |
| 248 | static inline __le16 ieee802154_get_fc_from_skb(const struct sk_buff *skb) | 248 | static inline __le16 ieee802154_get_fc_from_skb(const struct sk_buff *skb) |
| 249 | { | 249 | { |
| 250 | /* return some invalid fc on failure */ | 250 | /* check if we can fc at skb_mac_header of sk buffer */ |
| 251 | if (unlikely(skb->len < 2)) { | 251 | if (unlikely(!skb_mac_header_was_set(skb) || |
| 252 | (skb_tail_pointer(skb) - skb_mac_header(skb)) < 2)) { | ||
| 252 | WARN_ON(1); | 253 | WARN_ON(1); |
| 253 | return cpu_to_le16(0); | 254 | return cpu_to_le16(0); |
| 254 | } | 255 | } |