authorJohannes Berg <johannes@sipsolutions.net>2008-10-30 17:09:54 -0400
committerJohn W. Linville <linville@tuxdriver.com>2008-11-10 15:11:56 -0500
commit2c706002fc147decdba2658ea48e4436faca3af2 (patch)
tree3e515fa59e6f7de045579f103cba09cd05293de7 /drivers/net/wireless/rndis_wlan.c
parent9b1fbae4b242cf86a878771eb59dc600dde72ec8 (diff)
don't use net/ieee80211.h
Convert all the drivers using net/ieee80211.h to use linux/ieee80211.h. Contains a bugfix in libertas where the SSID parsing could overrun the buffer when the AP sends invalid information. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Dan Williams <dcbw@redhat.com> [airo, libertas] Acked-by: Pavel Roskin <proski@gnu.org> [orinoco] Acked-by: David Kilroy <kilroyd@googlemail.com> [orinoco] Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/rndis_wlan.c')
-rw-r--r--drivers/net/wireless/rndis_wlan.c24
1 files changed, 12 insertions, 12 deletions
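--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -37,11 +37,11 @@
 #include <linux/usb.h>
 #include <linux/usb/cdc.h>
 #include <linux/wireless.h>
+#include <linux/ieee80211.h>
 #include <linux/if_arp.h>
 #include <linux/ctype.h>
 #include <linux/spinlock.h>
 #include <net/iw_handler.h>
-#include <net/ieee80211.h>
 #include <linux/usb/usbnet.h>
 #include <linux/usb/rndis_host.h>
 
@@ -1652,7 +1652,7 @@ static char *rndis_translate_scan(struct net_device *dev,
 #ifdef DEBUG
  struct usbnet *usbdev = dev->priv;
 #endif
- struct ieee80211_info_element *ie;
+ u8 *ie;
  char *current_val;
  int bssid_len, ie_len, i;
  u32 beacon, atim;
@@ -1750,20 +1750,20 @@ static char *rndis_translate_scan(struct net_device *dev,
  ie_len = min(bssid_len - (int)sizeof(*bssid),
  (int)le32_to_cpu(bssid->ie_length));
  ie_len -= sizeof(struct ndis_80211_fixed_ies);
- while (ie_len >= sizeof(*ie) && sizeof(*ie) + ie->len <= ie_len) {
- if ((ie->id == MFIE_TYPE_GENERIC && ie->len >= 4 &&
- memcmp(ie->data, "\x00\x50\xf2\x01", 4) == 0) ||
- ie->id == MFIE_TYPE_RSN) {
+ while (ie_len >= 2 && 2 + ie[1] <= ie_len) {
+ if ((ie[0] == WLAN_EID_GENERIC && ie[1] >= 4 &&
+ memcmp(ie + 2, "\x00\x50\xf2\x01", 4) == 0) ||
+ ie[0] == WLAN_EID_RSN) {
  devdbg(usbdev, "IE: WPA%d",
- (ie->id == MFIE_TYPE_RSN) ? 2 : 1);
+ (ie[0] == WLAN_EID_RSN) ? 2 : 1);
  iwe.cmd = IWEVGENIE;
- iwe.u.data.length = min(ie->len + 2, MAX_WPA_IE_LEN);
- cev = iwe_stream_add_point(info, cev, end_buf, &iwe,
- (u8 *)ie);
+ /* arbitrary cut-off at 64 */
+ iwe.u.data.length = min(ie[1] + 2, 64);
+ cev = iwe_stream_add_point(info, cev, end_buf, &iwe, ie);
  }
 
- ie_len -= sizeof(*ie) + ie->len;
- ie = (struct ieee80211_info_element *)&ie->data[ie->len];
+ ie_len -= 2 + ie[1];
+ ie += 2 + ie[1];
  }
 
  return cev;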
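Review bot: The clamp `iwe.u.data.length = min(ie[1] + 2, 64);` in the IWEVGENIE branch cuts a WPA/RSN element off at 64 bytes while the element's own length octet `ie[1]` is passed through unchanged, so a consumer of the event can receive an element that declares more data than was delivered. Since the element originates from a scanned access point, it seems safer to emit the event only when the whole element fits, for example by wrapping the two statements in `if (2 + ie[1] <= 64)`, and to give the literal a driver-local name now that `MAX_WPA_IE_LEN` is no longer used here. The loop guard `ie_len >= 2 && 2 + ie[1] <= ie_len` itself reads correctly for a signed `ie_len`. rndis_translate_scan starts before this hunk, so the initialisation of `ie` is not visible and should be checked against the new `u8 *` type.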