diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/ieee80211/ieee80211_rx.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c index 7a121802faa9..695d0478fd12 100644 --- a/net/ieee80211/ieee80211_rx.c +++ b/net/ieee80211/ieee80211_rx.c | |||
@@ -350,6 +350,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, | |||
350 | u8 src[ETH_ALEN]; | 350 | u8 src[ETH_ALEN]; |
351 | struct ieee80211_crypt_data *crypt = NULL; | 351 | struct ieee80211_crypt_data *crypt = NULL; |
352 | int keyidx = 0; | 352 | int keyidx = 0; |
353 | int can_be_decrypted = 0; | ||
353 | 354 | ||
354 | hdr = (struct ieee80211_hdr_4addr *)skb->data; | 355 | hdr = (struct ieee80211_hdr_4addr *)skb->data; |
355 | stats = &ieee->stats; | 356 | stats = &ieee->stats; |
@@ -410,12 +411,23 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, | |||
410 | return 1; | 411 | return 1; |
411 | } | 412 | } |
412 | 413 | ||
413 | if (is_multicast_ether_addr(hdr->addr1) | 414 | can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) || |
414 | ? ieee->host_mc_decrypt : ieee->host_decrypt) { | 415 | is_broadcast_ether_addr(hdr->addr2)) ? |
416 | ieee->host_mc_decrypt : ieee->host_decrypt; | ||
417 | |||
418 | if (can_be_decrypted) { | ||
415 | int idx = 0; | 419 | int idx = 0; |
416 | if (skb->len >= hdrlen + 3) | 420 | if (skb->len >= hdrlen + 3) { |
421 | /* Top two-bits of byte 3 are the key index */ | ||
417 | idx = skb->data[hdrlen + 3] >> 6; | 422 | idx = skb->data[hdrlen + 3] >> 6; |
423 | } | ||
424 | |||
425 | /* ieee->crypt[] is WEP_KEY (4) in length. Given that idx | ||
426 | * is only allowed 2-bits of storage, no value of idx can | ||
427 | * be provided via above code that would result in idx | ||
428 | * being out of range */ | ||
418 | crypt = ieee->crypt[idx]; | 429 | crypt = ieee->crypt[idx]; |
430 | |||
419 | #ifdef NOT_YET | 431 | #ifdef NOT_YET |
420 | sta = NULL; | 432 | sta = NULL; |
421 | 433 | ||
@@ -553,7 +565,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, | |||
553 | 565 | ||
554 | /* skb: hdr + (possibly fragmented, possibly encrypted) payload */ | 566 | /* skb: hdr + (possibly fragmented, possibly encrypted) payload */ |
555 | 567 | ||
556 | if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && | 568 | if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && |
557 | (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0) | 569 | (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0) |
558 | goto rx_dropped; | 570 | goto rx_dropped; |
559 | 571 | ||
@@ -617,7 +629,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, | |||
617 | 629 | ||
618 | /* skb: hdr + (possible reassembled) full MSDU payload; possibly still | 630 | /* skb: hdr + (possible reassembled) full MSDU payload; possibly still |
619 | * encrypted/authenticated */ | 631 | * encrypted/authenticated */ |
620 | if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && | 632 | if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && |
621 | ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) | 633 | ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) |
622 | goto rx_dropped; | 634 | goto rx_dropped; |
623 | 635 | ||