aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/net/wireless/orinoco_cs.c4
-rw-r--r--include/net/ieee80211.h4
-rw-r--r--net/ieee80211/ieee80211_rx.c22
-rw-r--r--net/ieee80211/ieee80211_wx.c12
4 files changed, 31 insertions, 11 deletions
diff --git a/drivers/net/wireless/orinoco_cs.c b/drivers/net/wireless/orinoco_cs.c
index b664708481cc..3c128b692bce 100644
--- a/drivers/net/wireless/orinoco_cs.c
+++ b/drivers/net/wireless/orinoco_cs.c
@@ -261,13 +261,13 @@ orinoco_cs_config(dev_link_t *link)
261 /* Note that the CIS values need to be rescaled */ 261 /* Note that the CIS values need to be rescaled */
262 if (cfg->vcc.present & (1 << CISTPL_POWER_VNOM)) { 262 if (cfg->vcc.present & (1 << CISTPL_POWER_VNOM)) {
263 if (conf.Vcc != cfg->vcc.param[CISTPL_POWER_VNOM] / 10000) { 263 if (conf.Vcc != cfg->vcc.param[CISTPL_POWER_VNOM] / 10000) {
264 DEBUG(2, "orinoco_cs_config: Vcc mismatch (conf.Vcc = %d, CIS = %d)\n", conf.Vcc, cfg->vcc.param[CISTPL_POWER_VNOM] / 10000); 264 DEBUG(2, "orinoco_cs_config: Vcc mismatch (conf.Vcc = %d, cfg CIS = %d)\n", conf.Vcc, cfg->vcc.param[CISTPL_POWER_VNOM] / 10000);
265 if (!ignore_cis_vcc) 265 if (!ignore_cis_vcc)
266 goto next_entry; 266 goto next_entry;
267 } 267 }
268 } else if (dflt.vcc.present & (1 << CISTPL_POWER_VNOM)) { 268 } else if (dflt.vcc.present & (1 << CISTPL_POWER_VNOM)) {
269 if (conf.Vcc != dflt.vcc.param[CISTPL_POWER_VNOM] / 10000) { 269 if (conf.Vcc != dflt.vcc.param[CISTPL_POWER_VNOM] / 10000) {
270 DEBUG(2, "orinoco_cs_config: Vcc mismatch (conf.Vcc = %d, CIS = %d)\n", conf.Vcc, dflt.vcc.param[CISTPL_POWER_VNOM] / 10000); 270 DEBUG(2, "orinoco_cs_config: Vcc mismatch (conf.Vcc = %d, dflt CIS = %d)\n", conf.Vcc, dflt.vcc.param[CISTPL_POWER_VNOM] / 10000);
271 if(!ignore_cis_vcc) 271 if(!ignore_cis_vcc)
272 goto next_entry; 272 goto next_entry;
273 } 273 }
diff --git a/include/net/ieee80211.h b/include/net/ieee80211.h
index df05f468fa5c..9a92aef8b0b2 100644
--- a/include/net/ieee80211.h
+++ b/include/net/ieee80211.h
@@ -803,9 +803,9 @@ enum ieee80211_state {
803#define IEEE80211_24GHZ_MAX_CHANNEL 14 803#define IEEE80211_24GHZ_MAX_CHANNEL 14
804#define IEEE80211_24GHZ_CHANNELS 14 804#define IEEE80211_24GHZ_CHANNELS 14
805 805
806#define IEEE80211_52GHZ_MIN_CHANNEL 36 806#define IEEE80211_52GHZ_MIN_CHANNEL 34
807#define IEEE80211_52GHZ_MAX_CHANNEL 165 807#define IEEE80211_52GHZ_MAX_CHANNEL 165
808#define IEEE80211_52GHZ_CHANNELS 32 808#define IEEE80211_52GHZ_CHANNELS 131
809 809
810enum { 810enum {
811 IEEE80211_CH_PASSIVE_ONLY = (1 << 0), 811 IEEE80211_CH_PASSIVE_ONLY = (1 << 0),
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 7a121802faa9..695d0478fd12 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -350,6 +350,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
350 u8 src[ETH_ALEN]; 350 u8 src[ETH_ALEN];
351 struct ieee80211_crypt_data *crypt = NULL; 351 struct ieee80211_crypt_data *crypt = NULL;
352 int keyidx = 0; 352 int keyidx = 0;
353 int can_be_decrypted = 0;
353 354
354 hdr = (struct ieee80211_hdr_4addr *)skb->data; 355 hdr = (struct ieee80211_hdr_4addr *)skb->data;
355 stats = &ieee->stats; 356 stats = &ieee->stats;
@@ -410,12 +411,23 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
410 return 1; 411 return 1;
411 } 412 }
412 413
413 if (is_multicast_ether_addr(hdr->addr1) 414 can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) ||
414 ? ieee->host_mc_decrypt : ieee->host_decrypt) { 415 is_broadcast_ether_addr(hdr->addr2)) ?
416 ieee->host_mc_decrypt : ieee->host_decrypt;
417
418 if (can_be_decrypted) {
415 int idx = 0; 419 int idx = 0;
416 if (skb->len >= hdrlen + 3) 420 if (skb->len >= hdrlen + 3) {
421 /* Top two-bits of byte 3 are the key index */
417 idx = skb->data[hdrlen + 3] >> 6; 422 idx = skb->data[hdrlen + 3] >> 6;
423 }
424
425 /* ieee->crypt[] is WEP_KEY (4) in length. Given that idx
426 * is only allowed 2-bits of storage, no value of idx can
427 * be provided via above code that would result in idx
428 * being out of range */
418 crypt = ieee->crypt[idx]; 429 crypt = ieee->crypt[idx];
430
419#ifdef NOT_YET 431#ifdef NOT_YET
420 sta = NULL; 432 sta = NULL;
421 433
@@ -553,7 +565,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
553 565
554 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */ 566 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */
555 567
556 if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && 568 if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
557 (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0) 569 (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0)
558 goto rx_dropped; 570 goto rx_dropped;
559 571
@@ -617,7 +629,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
617 629
618 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still 630 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still
619 * encrypted/authenticated */ 631 * encrypted/authenticated */
620 if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && 632 if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
621 ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) 633 ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt))
622 goto rx_dropped; 634 goto rx_dropped;
623 635
diff --git a/net/ieee80211/ieee80211_wx.c b/net/ieee80211/ieee80211_wx.c
index 23e1630f50b7..f87c6b89f845 100644
--- a/net/ieee80211/ieee80211_wx.c
+++ b/net/ieee80211/ieee80211_wx.c
@@ -232,15 +232,18 @@ static char *ipw2100_translate_scan(struct ieee80211_device *ieee,
232 return start; 232 return start;
233} 233}
234 234
235#define SCAN_ITEM_SIZE 128
236
235int ieee80211_wx_get_scan(struct ieee80211_device *ieee, 237int ieee80211_wx_get_scan(struct ieee80211_device *ieee,
236 struct iw_request_info *info, 238 struct iw_request_info *info,
237 union iwreq_data *wrqu, char *extra) 239 union iwreq_data *wrqu, char *extra)
238{ 240{
239 struct ieee80211_network *network; 241 struct ieee80211_network *network;
240 unsigned long flags; 242 unsigned long flags;
243 int err = 0;
241 244
242 char *ev = extra; 245 char *ev = extra;
243 char *stop = ev + IW_SCAN_MAX_DATA; 246 char *stop = ev + wrqu->data.length;
244 int i = 0; 247 int i = 0;
245 248
246 IEEE80211_DEBUG_WX("Getting scan\n"); 249 IEEE80211_DEBUG_WX("Getting scan\n");
@@ -249,6 +252,11 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee,
249 252
250 list_for_each_entry(network, &ieee->network_list, list) { 253 list_for_each_entry(network, &ieee->network_list, list) {
251 i++; 254 i++;
255 if (stop - ev < SCAN_ITEM_SIZE) {
256 err = -E2BIG;
257 break;
258 }
259
252 if (ieee->scan_age == 0 || 260 if (ieee->scan_age == 0 ||
253 time_after(network->last_scanned + ieee->scan_age, jiffies)) 261 time_after(network->last_scanned + ieee->scan_age, jiffies))
254 ev = ipw2100_translate_scan(ieee, ev, stop, network); 262 ev = ipw2100_translate_scan(ieee, ev, stop, network);
@@ -270,7 +278,7 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee,
270 278
271 IEEE80211_DEBUG_WX("exit: %d networks returned.\n", i); 279 IEEE80211_DEBUG_WX("exit: %d networks returned.\n", i);
272 280
273 return 0; 281 return err;
274} 282}
275 283
276int ieee80211_wx_set_encode(struct ieee80211_device *ieee, 284int ieee80211_wx_set_encode(struct ieee80211_device *ieee,
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-18 00:40:27 -0500