aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless/ath5k
diff options
context:
space:
mode:
authorHarvey Harrison <harvey.harrison@gmail.com>2008-07-15 21:44:02 -0400
committerJohn W. Linville <linville@tuxdriver.com>2008-08-22 16:29:53 -0400
commit798ee9850e9bf94b4436f9c7238823322e326885 (patch)
treed4af4eb4ec0c75d21b8b353ba04029c2285a4fd6 /drivers/net/wireless/ath5k
parent7294ec955cb0c3eeefca2f4dd271c8068ab4edc5 (diff)
ath5k: explicitly check skb->len
ieee80211_get_hdrlen_from_skb internally checks that the skb is long enough to hold the full header, or it returns 0 if not. The check in ath5k does not check this case and assumes it always got the actual header length which it then checks against the skb->len plus some headroom. Change to ieee80211_hdrlen which always returns the hdrlen and keep the existing headroom check. Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/ath5k')
-rw-r--r--drivers/net/wireless/ath5k/base.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/net/wireless/ath5k/base.c b/drivers/net/wireless/ath5k/base.c
index 114520258b78..c1de1ef09e59 100644
--- a/drivers/net/wireless/ath5k/base.c
+++ b/drivers/net/wireless/ath5k/base.c
@@ -1540,7 +1540,7 @@ ath5k_rx_decrypted(struct ath5k_softc *sc, struct ath5k_desc *ds,
1540 struct sk_buff *skb, struct ath5k_rx_status *rs) 1540 struct sk_buff *skb, struct ath5k_rx_status *rs)
1541{ 1541{
1542 struct ieee80211_hdr *hdr = (void *)skb->data; 1542 struct ieee80211_hdr *hdr = (void *)skb->data;
1543 unsigned int keyix, hlen = ieee80211_get_hdrlen_from_skb(skb); 1543 unsigned int keyix, hlen;
1544 1544
1545 if (!(rs->rs_status & AR5K_RXERR_DECRYPT) && 1545 if (!(rs->rs_status & AR5K_RXERR_DECRYPT) &&
1546 rs->rs_keyix != AR5K_RXKEYIX_INVALID) 1546 rs->rs_keyix != AR5K_RXKEYIX_INVALID)
@@ -1549,6 +1549,7 @@ ath5k_rx_decrypted(struct ath5k_softc *sc, struct ath5k_desc *ds,
1549 /* Apparently when a default key is used to decrypt the packet 1549 /* Apparently when a default key is used to decrypt the packet
1550 the hw does not set the index used to decrypt. In such cases 1550 the hw does not set the index used to decrypt. In such cases
1551 get the index from the packet. */ 1551 get the index from the packet. */
1552 hlen = ieee80211_hdrlen(hdr->frame_control);
1552 if (ieee80211_has_protected(hdr->frame_control) && 1553 if (ieee80211_has_protected(hdr->frame_control) &&
1553 !(rs->rs_status & AR5K_RXERR_DECRYPT) && 1554 !(rs->rs_status & AR5K_RXERR_DECRYPT) &&
1554 skb->len >= hlen + 4) { 1555 skb->len >= hlen + 4) {