aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless/orinoco.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2008-10-30 17:09:54 -0400
committerJohn W. Linville <linville@tuxdriver.com>2008-11-10 15:11:56 -0500
commit2c706002fc147decdba2658ea48e4436faca3af2 (patch)
tree3e515fa59e6f7de045579f103cba09cd05293de7 /drivers/net/wireless/orinoco.c
parent9b1fbae4b242cf86a878771eb59dc600dde72ec8 (diff)
don't use net/ieee80211.h
Convert all the drivers using net/ieee80211.h to use linux/ieee80211.h. Contains a bugfix in libertas where the SSID parsing could overrun the buffer when the AP sends invalid information. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Dan Williams <dcbw@redhat.com> [airo, libertas] Acked-by: Pavel Roskin <proski@gnu.org> [orinoco] Acked-by: David Kilroy <kilroyd@googlemail.com> [orinoco] Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/orinoco.c')
-rw-r--r--drivers/net/wireless/orinoco.c30
1 files changed, 16 insertions, 14 deletions
diff --git a/drivers/net/wireless/orinoco.c b/drivers/net/wireless/orinoco.c
index b657a916b1d..f4ea08f9697 100644
--- a/drivers/net/wireless/orinoco.c
+++ b/drivers/net/wireless/orinoco.c
@@ -86,8 +86,8 @@
86#include <linux/firmware.h> 86#include <linux/firmware.h>
87#include <linux/if_arp.h> 87#include <linux/if_arp.h>
88#include <linux/wireless.h> 88#include <linux/wireless.h>
89#include <linux/ieee80211.h>
89#include <net/iw_handler.h> 90#include <net/iw_handler.h>
90#include <net/ieee80211.h>
91 91
92#include <linux/scatterlist.h> 92#include <linux/scatterlist.h>
93#include <linux/crypto.h> 93#include <linux/crypto.h>
@@ -143,7 +143,7 @@ static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
143#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2) 143#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
144 144
145#define ORINOCO_MIN_MTU 256 145#define ORINOCO_MIN_MTU 256
146#define ORINOCO_MAX_MTU (IEEE80211_DATA_LEN - ENCAPS_OVERHEAD) 146#define ORINOCO_MAX_MTU (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
147 147
148#define SYMBOL_MAX_VER_LEN (14) 148#define SYMBOL_MAX_VER_LEN (14)
149#define USER_BAP 0 149#define USER_BAP 0
@@ -392,7 +392,7 @@ static void orinoco_bss_data_init(struct orinoco_private *priv)
392} 392}
393 393
394static inline u8 *orinoco_get_ie(u8 *data, size_t len, 394static inline u8 *orinoco_get_ie(u8 *data, size_t len,
395 enum ieee80211_mfie eid) 395 enum ieee80211_eid eid)
396{ 396{
397 u8 *p = data; 397 u8 *p = data;
398 while ((p + 2) < (data + len)) { 398 while ((p + 2) < (data + len)) {
@@ -409,7 +409,7 @@ static inline u8 *orinoco_get_wpa_ie(u8 *data, size_t len)
409{ 409{
410 u8 *p = data; 410 u8 *p = data;
411 while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) { 411 while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) {
412 if ((p[0] == MFIE_TYPE_GENERIC) && 412 if ((p[0] == WLAN_EID_GENERIC) &&
413 (memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0)) 413 (memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0))
414 return p; 414 return p;
415 p += p[1] + 2; 415 p += p[1] + 2;
@@ -839,7 +839,8 @@ static int orinoco_change_mtu(struct net_device *dev, int new_mtu)
839 if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) ) 839 if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) )
840 return -EINVAL; 840 return -EINVAL;
841 841
842 if ( (new_mtu + ENCAPS_OVERHEAD + IEEE80211_HLEN) > 842 /* MTU + encapsulation + header length */
843 if ( (new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
843 (priv->nicbuf_size - ETH_HLEN) ) 844 (priv->nicbuf_size - ETH_HLEN) )
844 return -EINVAL; 845 return -EINVAL;
845 846
@@ -1254,7 +1255,7 @@ static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid,
1254 } 1255 }
1255 1256
1256 /* sanity check the length */ 1257 /* sanity check the length */
1257 if (datalen > IEEE80211_DATA_LEN + 12) { 1258 if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
1258 printk(KERN_DEBUG "%s: oversized monitor frame, " 1259 printk(KERN_DEBUG "%s: oversized monitor frame, "
1259 "data length = %d\n", dev->name, datalen); 1260 "data length = %d\n", dev->name, datalen);
1260 stats->rx_length_errors++; 1261 stats->rx_length_errors++;
@@ -1382,7 +1383,7 @@ static void __orinoco_ev_rx(struct net_device *dev, hermes_t *hw)
1382 data. */ 1383 data. */
1383 goto out; 1384 goto out;
1384 } 1385 }
1385 if (length > IEEE80211_DATA_LEN) { 1386 if (length > IEEE80211_MAX_DATA_LEN) {
1386 printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n", 1387 printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
1387 dev->name, length); 1388 dev->name, length);
1388 stats->rx_length_errors++; 1389 stats->rx_length_errors++;
@@ -3285,7 +3286,7 @@ static int orinoco_init(struct net_device *dev)
3285 3286
3286 /* No need to lock, the hw_unavailable flag is already set in 3287 /* No need to lock, the hw_unavailable flag is already set in
3287 * alloc_orinocodev() */ 3288 * alloc_orinocodev() */
3288 priv->nicbuf_size = IEEE80211_FRAME_LEN + ETH_HLEN; 3289 priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
3289 3290
3290 /* Initialize the firmware */ 3291 /* Initialize the firmware */
3291 err = hermes_init(hw); 3292 err = hermes_init(hw);
@@ -4681,7 +4682,7 @@ static int orinoco_ioctl_set_encodeext(struct net_device *dev,
4681 /* Determine and validate the key index */ 4682 /* Determine and validate the key index */
4682 idx = encoding->flags & IW_ENCODE_INDEX; 4683 idx = encoding->flags & IW_ENCODE_INDEX;
4683 if (idx) { 4684 if (idx) {
4684 if ((idx < 1) || (idx > WEP_KEYS)) 4685 if ((idx < 1) || (idx > 4))
4685 goto out; 4686 goto out;
4686 idx--; 4687 idx--;
4687 } else 4688 } else
@@ -4786,7 +4787,7 @@ static int orinoco_ioctl_get_encodeext(struct net_device *dev,
4786 4787
4787 idx = encoding->flags & IW_ENCODE_INDEX; 4788 idx = encoding->flags & IW_ENCODE_INDEX;
4788 if (idx) { 4789 if (idx) {
4789 if ((idx < 1) || (idx > WEP_KEYS)) 4790 if ((idx < 1) || (idx > 4))
4790 goto out; 4791 goto out;
4791 idx--; 4792 idx--;
4792 } else 4793 } else
@@ -4949,7 +4950,8 @@ static int orinoco_ioctl_set_genie(struct net_device *dev,
4949 unsigned long flags; 4950 unsigned long flags;
4950 int err = 0; 4951 int err = 0;
4951 4952
4952 if ((wrqu->data.length > MAX_WPA_IE_LEN) || 4953 /* cut off at IEEE80211_MAX_DATA_LEN */
4954 if ((wrqu->data.length > IEEE80211_MAX_DATA_LEN) ||
4953 (wrqu->data.length && (extra == NULL))) 4955 (wrqu->data.length && (extra == NULL)))
4954 return -EINVAL; 4956 return -EINVAL;
4955 4957
@@ -5632,7 +5634,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
5632 &iwe, IW_EV_UINT_LEN); 5634 &iwe, IW_EV_UINT_LEN);
5633 } 5635 }
5634 5636
5635 ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_DS_SET); 5637 ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_DS_PARAMS);
5636 channel = ie ? ie[2] : 0; 5638 channel = ie ? ie[2] : 0;
5637 if ((channel >= 1) && (channel <= NUM_CHANNELS)) { 5639 if ((channel >= 1) && (channel <= NUM_CHANNELS)) {
5638 /* Add channel and frequency */ 5640 /* Add channel and frequency */
@@ -5682,7 +5684,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
5682 } 5684 }
5683 5685
5684 /* RSN IE */ 5686 /* RSN IE */
5685 ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_RSN); 5687 ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_RSN);
5686 if (ie) { 5688 if (ie) {
5687 iwe.cmd = IWEVGENIE; 5689 iwe.cmd = IWEVGENIE;
5688 iwe.u.data.length = ie[1] + 2; 5690 iwe.u.data.length = ie[1] + 2;
@@ -5690,7 +5692,7 @@ static inline char *orinoco_translate_ext_scan(struct net_device *dev,
5690 &iwe, ie); 5692 &iwe, ie);
5691 } 5693 }
5692 5694
5693 ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_RATES); 5695 ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_SUPP_RATES);
5694 if (ie) { 5696 if (ie) {
5695 char *p = current_ev + iwe_stream_lcp_len(info); 5697 char *p = current_ev + iwe_stream_lcp_len(info);
5696 int i; 5698 int i;