diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/ieee80211/ieee80211_rx.c | 22 | 
1 files changed, 17 insertions, 5 deletions
| diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c index 7a121802faa9..695d0478fd12 100644 --- a/net/ieee80211/ieee80211_rx.c +++ b/net/ieee80211/ieee80211_rx.c | |||
| @@ -350,6 +350,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, | |||
| 350 | u8 src[ETH_ALEN]; | 350 | u8 src[ETH_ALEN]; | 
| 351 | struct ieee80211_crypt_data *crypt = NULL; | 351 | struct ieee80211_crypt_data *crypt = NULL; | 
| 352 | int keyidx = 0; | 352 | int keyidx = 0; | 
| 353 | int can_be_decrypted = 0; | ||
| 353 | 354 | ||
| 354 | hdr = (struct ieee80211_hdr_4addr *)skb->data; | 355 | hdr = (struct ieee80211_hdr_4addr *)skb->data; | 
| 355 | stats = &ieee->stats; | 356 | stats = &ieee->stats; | 
| @@ -410,12 +411,23 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, | |||
| 410 | return 1; | 411 | return 1; | 
| 411 | } | 412 | } | 
| 412 | 413 | ||
| 413 | if (is_multicast_ether_addr(hdr->addr1) | 414 | can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) || | 
| 414 | ? ieee->host_mc_decrypt : ieee->host_decrypt) { | 415 | is_broadcast_ether_addr(hdr->addr2)) ? | 
| 416 | ieee->host_mc_decrypt : ieee->host_decrypt; | ||
| 417 | |||
| 418 | if (can_be_decrypted) { | ||
| 415 | int idx = 0; | 419 | int idx = 0; | 
| 416 | if (skb->len >= hdrlen + 3) | 420 | if (skb->len >= hdrlen + 3) { | 
| 421 | /* Top two-bits of byte 3 are the key index */ | ||
| 417 | idx = skb->data[hdrlen + 3] >> 6; | 422 | idx = skb->data[hdrlen + 3] >> 6; | 
| 423 | } | ||
| 424 | |||
| 425 | /* ieee->crypt[] is WEP_KEY (4) in length. Given that idx | ||
| 426 | * is only allowed 2-bits of storage, no value of idx can | ||
| 427 | * be provided via above code that would result in idx | ||
| 428 | * being out of range */ | ||
| 418 | crypt = ieee->crypt[idx]; | 429 | crypt = ieee->crypt[idx]; | 
| 430 | |||
| 419 | #ifdef NOT_YET | 431 | #ifdef NOT_YET | 
| 420 | sta = NULL; | 432 | sta = NULL; | 
| 421 | 433 | ||
| @@ -553,7 +565,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, | |||
| 553 | 565 | ||
| 554 | /* skb: hdr + (possibly fragmented, possibly encrypted) payload */ | 566 | /* skb: hdr + (possibly fragmented, possibly encrypted) payload */ | 
| 555 | 567 | ||
| 556 | if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && | 568 | if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && | 
| 557 | (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0) | 569 | (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0) | 
| 558 | goto rx_dropped; | 570 | goto rx_dropped; | 
| 559 | 571 | ||
| @@ -617,7 +629,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, | |||
| 617 | 629 | ||
| 618 | /* skb: hdr + (possible reassembled) full MSDU payload; possibly still | 630 | /* skb: hdr + (possible reassembled) full MSDU payload; possibly still | 
| 619 | * encrypted/authenticated */ | 631 | * encrypted/authenticated */ | 
| 620 | if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && | 632 | if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && | 
| 621 | ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) | 633 | ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) | 
| 622 | goto rx_dropped; | 634 | goto rx_dropped; | 
| 623 | 635 | ||
