diff options
| author | Zhu Yi <yi.zhu@intel.com> | 2006-08-20 23:34:19 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2006-08-29 17:06:31 -0400 |
| commit | f09fc44d8c25f22c4d985bb93857338ed02feac6 (patch) | |
| tree | b73af3c9a258a53ad9323edae81ccb9578cf6590 /net/ieee80211 | |
| parent | 5a656949719bf8598ad1e93a56eb11e70a4c3208 (diff) | |
[PATCH] ieee80211: Workaround malformed 802.11 frames from AP
Stop processing further but return success when we receive a malformed
packet from the AP. We need this patch to workaround some AP bugs. For
example, the beacon frames from the Orinoco AP1000 contains an IE (value
= 128) with length equals to 8 but the actual frame length is only 7.
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/ieee80211')
| -rw-r--r-- | net/ieee80211/ieee80211_rx.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c index d60358d702d7..770704183a1b 100644 --- a/net/ieee80211/ieee80211_rx.c +++ b/net/ieee80211/ieee80211_rx.c | |||
| @@ -1078,13 +1078,16 @@ static int ieee80211_parse_info_param(struct ieee80211_info_element | |||
| 1078 | 1078 | ||
| 1079 | while (length >= sizeof(*info_element)) { | 1079 | while (length >= sizeof(*info_element)) { |
| 1080 | if (sizeof(*info_element) + info_element->len > length) { | 1080 | if (sizeof(*info_element) + info_element->len > length) { |
| 1081 | IEEE80211_DEBUG_MGMT("Info elem: parse failed: " | 1081 | IEEE80211_ERROR("Info elem: parse failed: " |
| 1082 | "info_element->len + 2 > left : " | 1082 | "info_element->len + 2 > left : " |
| 1083 | "info_element->len+2=%zd left=%d, id=%d.\n", | 1083 | "info_element->len+2=%zd left=%d, id=%d.\n", |
| 1084 | info_element->len + | 1084 | info_element->len + |
| 1085 | sizeof(*info_element), | 1085 | sizeof(*info_element), |
| 1086 | length, info_element->id); | 1086 | length, info_element->id); |
| 1087 | return 1; | 1087 | /* We stop processing but don't return an error here |
| 1088 | * because some misbehaviour APs break this rule. ie. | ||
| 1089 | * Orinoco AP1000. */ | ||
| 1090 | break; | ||
| 1088 | } | 1091 | } |
| 1089 | 1092 | ||
| 1090 | switch (info_element->id) { | 1093 | switch (info_element->id) { |