aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/mesh.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2009-07-10 05:39:26 -0400
committerJohn W. Linville <linville@tuxdriver.com>2009-07-24 15:05:10 -0400
commita43816df2a1a61effcb701037bdf63621d066182 (patch)
tree33346bbbb1621dfc7966c2f4ad8b1a76f4145d18 /net/mac80211/mesh.c
parentec3f149017ef3fd21343b1dcec3589eec6ba5dd5 (diff)
mac80211: mesh: fix two small problems
1) there's a spin_lock() that needs to be spin_lock_bh() 2) action frames of size 24 might cause an out-of-bounds memory access (for the 25th byte only, so no big deal) Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/mesh.c')
-rw-r--r--net/mac80211/mesh.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 542ea025494..8a97b142308 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -685,9 +685,12 @@ ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
685 fc = le16_to_cpu(mgmt->frame_control); 685 fc = le16_to_cpu(mgmt->frame_control);
686 686
687 switch (fc & IEEE80211_FCTL_STYPE) { 687 switch (fc & IEEE80211_FCTL_STYPE) {
688 case IEEE80211_STYPE_ACTION:
689 if (skb->len < IEEE80211_MIN_ACTION_SIZE)
690 return RX_DROP_MONITOR;
691 /* fall through */
688 case IEEE80211_STYPE_PROBE_RESP: 692 case IEEE80211_STYPE_PROBE_RESP:
689 case IEEE80211_STYPE_BEACON: 693 case IEEE80211_STYPE_BEACON:
690 case IEEE80211_STYPE_ACTION:
691 skb_queue_tail(&ifmsh->skb_queue, skb); 694 skb_queue_tail(&ifmsh->skb_queue, skb);
692 queue_work(local->hw.workqueue, &ifmsh->work); 695 queue_work(local->hw.workqueue, &ifmsh->work);
693 return RX_QUEUED; 696 return RX_QUEUED;