mac80211: add length check in ieee80211_is_robust_mgmt_frame()

A few places weren't checking that the frame passed to the function actually has enough data even though the function clearly documents it must have a payload byte. Make this safer by changing the function to take an skb and checking the length inside. The old version is preserved for now as the rtl* drivers use it and don't have a correct skb. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2014-01-23 10:20:29 -0500
committer: Johannes Berg <johannes.berg@intel.com> 2014-02-04 15:58:07 -0500
commit: d8ca16db6bb23d03fcb794df44bae64ae976f27c (patch)
tree: f577a829374c0f9daba8bf70e1ea3d6ac107089c /drivers/net/wireless/rtlwifi
parent: ae811e21df28deb4c2adab0a47fc3da4f56d777b (diff)
4 files changed, 4 insertions, 4 deletions
diff --git a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
index aece6c9cccf1..27ace3054d56 100644
--- a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
+++ b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
@@ -452,7 +452,7 @@ bool rtl88ee_rx_query_desc(struct ieee80211_hw *hw,
                        /* During testing, hdr was NULL */
                        return false;
                }
-                if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
+                if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
                    (ieee80211_has_protected(hdr->frame_control)))
                        rx_status->flag &= ~RX_FLAG_DECRYPTED;
                else
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
index 52abf0a862fa..114858d46158 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
@@ -393,7 +393,7 @@ bool rtl92ce_rx_query_desc(struct ieee80211_hw *hw,
                        /* In testing, hdr was NULL here */
                        return false;
                }
-                if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
+                if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
                    (ieee80211_has_protected(hdr->frame_control)))
                        rx_status->flag &= ~RX_FLAG_DECRYPTED;
                else
diff --git a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
index 27efbcdac6a9..163a681962c6 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
@@ -310,7 +310,7 @@ bool rtl92se_rx_query_desc(struct ieee80211_hw *hw, struct rtl_stats *stats,
                        /* during testing, hdr was NULL here */
                        return false;
                }
-                if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
+                if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
                        (ieee80211_has_protected(hdr->frame_control)))
                        rx_status->flag &= ~RX_FLAG_DECRYPTED;
                else
diff --git a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
index 50b7be3f3a60..721162cacc3a 100644
--- a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
+++ b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
@@ -334,7 +334,7 @@ bool rtl8723ae_rx_query_desc(struct ieee80211_hw *hw,
                        /* during testing, hdr could be NULL here */
                        return false;
                }
-                if ((ieee80211_is_robust_mgmt_frame(hdr)) &&
+                if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
                        (ieee80211_has_protected(hdr->frame_control)))
                        rx_status->flag &= ~RX_FLAG_DECRYPTED;
                else
author	Johannes Berg <johannes.berg@intel.com>	2014-01-23 10:20:29 -0500
committer	Johannes Berg <johannes.berg@intel.com>	2014-02-04 15:58:07 -0500
commit	d8ca16db6bb23d03fcb794df44bae64ae976f27c (patch)
tree	f577a829374c0f9daba8bf70e1ea3d6ac107089c /drivers/net/wireless/rtlwifi
parent	ae811e21df28deb4c2adab0a47fc3da4f56d777b (diff)

diff --git a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c index aece6c9cccf1..27ace3054d56 100644 --- a/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c +++ b/drivers/net/wireless/rtlwifi/rtl8188ee/trx.c
@@ -452,7 +452,7 @@ bool rtl88ee_rx_query_desc(struct ieee80211_hw *hw,
452	/* During testing, hdr was NULL */	452	/* During testing, hdr was NULL */
453	return false;	453	return false;
454	}	454	}
455	if ((ieee80211_is_robust_mgmt_frame(hdr)) &&	455	if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
456	(ieee80211_has_protected(hdr->frame_control)))	456	(ieee80211_has_protected(hdr->frame_control)))
457	rx_status->flag &= ~RX_FLAG_DECRYPTED;	457	rx_status->flag &= ~RX_FLAG_DECRYPTED;
458	else	458	else


diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c index 52abf0a862fa..114858d46158 100644 --- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c +++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c
@@ -393,7 +393,7 @@ bool rtl92ce_rx_query_desc(struct ieee80211_hw *hw,
393	/* In testing, hdr was NULL here */	393	/* In testing, hdr was NULL here */
394	return false;	394	return false;
395	}	395	}
396	if ((ieee80211_is_robust_mgmt_frame(hdr)) &&	396	if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
397	(ieee80211_has_protected(hdr->frame_control)))	397	(ieee80211_has_protected(hdr->frame_control)))
398	rx_status->flag &= ~RX_FLAG_DECRYPTED;	398	rx_status->flag &= ~RX_FLAG_DECRYPTED;
399	else	399	else


diff --git a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c index 27efbcdac6a9..163a681962c6 100644 --- a/drivers/net/wireless/rtlwifi/rtl8192se/trx.c +++ b/drivers/net/wireless/rtlwifi/rtl8192se/trx.c
@@ -310,7 +310,7 @@ bool rtl92se_rx_query_desc(struct ieee80211_hw hw, struct rtl_stats stats,
310	/* during testing, hdr was NULL here */	310	/* during testing, hdr was NULL here */
311	return false;	311	return false;
312	}	312	}
313	if ((ieee80211_is_robust_mgmt_frame(hdr)) &&	313	if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
314	(ieee80211_has_protected(hdr->frame_control)))	314	(ieee80211_has_protected(hdr->frame_control)))
315	rx_status->flag &= ~RX_FLAG_DECRYPTED;	315	rx_status->flag &= ~RX_FLAG_DECRYPTED;
316	else	316	else


diff --git a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c index 50b7be3f3a60..721162cacc3a 100644 --- a/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c +++ b/drivers/net/wireless/rtlwifi/rtl8723ae/trx.c
@@ -334,7 +334,7 @@ bool rtl8723ae_rx_query_desc(struct ieee80211_hw *hw,
334	/* during testing, hdr could be NULL here */	334	/* during testing, hdr could be NULL here */
335	return false;	335	return false;
336	}	336	}
337	if ((ieee80211_is_robust_mgmt_frame(hdr)) &&	337	if ((_ieee80211_is_robust_mgmt_frame(hdr)) &&
338	(ieee80211_has_protected(hdr->frame_control)))	338	(ieee80211_has_protected(hdr->frame_control)))
339	rx_status->flag &= ~RX_FLAG_DECRYPTED;	339	rx_status->flag &= ~RX_FLAG_DECRYPTED;
340	else	340	else