diff options
author | Harvey Harrison <harvey.harrison@gmail.com> | 2008-07-15 21:44:02 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2008-08-22 16:29:53 -0400 |
commit | 798ee9850e9bf94b4436f9c7238823322e326885 (patch) | |
tree | d4af4eb4ec0c75d21b8b353ba04029c2285a4fd6 /drivers/net/wireless/ath5k | |
parent | 7294ec955cb0c3eeefca2f4dd271c8068ab4edc5 (diff) |
ath5k: explicitly check skb->len
ieee80211_get_hdrlen_from_skb internally checks that the skb is long
enough to hold the full header, or it returns 0 if not. The check in
ath5k does not check this case and assumes it always got the actual
header length which it then checks against the skb->len plus some headroom.
Change to ieee80211_hdrlen which always returns the hdrlen and keep the
existing headroom check.
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/ath5k')
-rw-r--r-- | drivers/net/wireless/ath5k/base.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/net/wireless/ath5k/base.c b/drivers/net/wireless/ath5k/base.c index 114520258b78..c1de1ef09e59 100644 --- a/drivers/net/wireless/ath5k/base.c +++ b/drivers/net/wireless/ath5k/base.c | |||
@@ -1540,7 +1540,7 @@ ath5k_rx_decrypted(struct ath5k_softc *sc, struct ath5k_desc *ds, | |||
1540 | struct sk_buff *skb, struct ath5k_rx_status *rs) | 1540 | struct sk_buff *skb, struct ath5k_rx_status *rs) |
1541 | { | 1541 | { |
1542 | struct ieee80211_hdr *hdr = (void *)skb->data; | 1542 | struct ieee80211_hdr *hdr = (void *)skb->data; |
1543 | unsigned int keyix, hlen = ieee80211_get_hdrlen_from_skb(skb); | 1543 | unsigned int keyix, hlen; |
1544 | 1544 | ||
1545 | if (!(rs->rs_status & AR5K_RXERR_DECRYPT) && | 1545 | if (!(rs->rs_status & AR5K_RXERR_DECRYPT) && |
1546 | rs->rs_keyix != AR5K_RXKEYIX_INVALID) | 1546 | rs->rs_keyix != AR5K_RXKEYIX_INVALID) |
@@ -1549,6 +1549,7 @@ ath5k_rx_decrypted(struct ath5k_softc *sc, struct ath5k_desc *ds, | |||
1549 | /* Apparently when a default key is used to decrypt the packet | 1549 | /* Apparently when a default key is used to decrypt the packet |
1550 | the hw does not set the index used to decrypt. In such cases | 1550 | the hw does not set the index used to decrypt. In such cases |
1551 | get the index from the packet. */ | 1551 | get the index from the packet. */ |
1552 | hlen = ieee80211_hdrlen(hdr->frame_control); | ||
1552 | if (ieee80211_has_protected(hdr->frame_control) && | 1553 | if (ieee80211_has_protected(hdr->frame_control) && |
1553 | !(rs->rs_status & AR5K_RXERR_DECRYPT) && | 1554 | !(rs->rs_status & AR5K_RXERR_DECRYPT) && |
1554 | skb->len >= hlen + 4) { | 1555 | skb->len >= hlen + 4) { |