aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/raw.c24
-rw-r--r--net/mac80211/ibss.c6
-rw-r--r--net/mac80211/mesh_hwmp.c2
-rw-r--r--net/mac80211/mlme.c3
-rw-r--r--net/mac80211/tx.c2
-rw-r--r--net/packet/af_packet.c5
-rw-r--r--net/wireless/core.h1
-rw-r--r--net/wireless/mlme.c9
-rw-r--r--net/wireless/sme.c21
9 files changed, 52 insertions, 21 deletions
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 9ef8c0829a77..ce154b47f1da 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -351,13 +351,24 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
351 skb->ip_summed = CHECKSUM_NONE; 351 skb->ip_summed = CHECKSUM_NONE;
352 352
353 skb->transport_header = skb->network_header; 353 skb->transport_header = skb->network_header;
354 err = memcpy_fromiovecend((void *)iph, from, 0, length); 354 err = -EFAULT;
355 if (err) 355 if (memcpy_fromiovecend((void *)iph, from, 0, length))
356 goto error_fault; 356 goto error_free;
357 357
358 /* We don't modify invalid header */
359 iphlen = iph->ihl * 4; 358 iphlen = iph->ihl * 4;
360 if (iphlen >= sizeof(*iph) && iphlen <= length) { 359
360 /*
361 * We don't want to modify the ip header, but we do need to
362 * be sure that it won't cause problems later along the network
363 * stack. Specifically we want to make sure that iph->ihl is a
364 * sane value. If ihl points beyond the length of the buffer passed
365 * in, reject the frame as invalid
366 */
367 err = -EINVAL;
368 if (iphlen > length)
369 goto error_free;
370
371 if (iphlen >= sizeof(*iph)) {
361 if (!iph->saddr) 372 if (!iph->saddr)
362 iph->saddr = rt->rt_src; 373 iph->saddr = rt->rt_src;
363 iph->check = 0; 374 iph->check = 0;
@@ -380,8 +391,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
380out: 391out:
381 return 0; 392 return 0;
382 393
383error_fault: 394error_free:
384 err = -EFAULT;
385 kfree_skb(skb); 395 kfree_skb(skb);
386error: 396error:
387 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS); 397 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS);
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 6eaf69823439..ca8ecce31d34 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -538,13 +538,12 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
538 WLAN_CAPABILITY_PRIVACY, 538 WLAN_CAPABILITY_PRIVACY,
539 capability); 539 capability);
540 540
541 if (bss) {
541#ifdef CONFIG_MAC80211_IBSS_DEBUG 542#ifdef CONFIG_MAC80211_IBSS_DEBUG
542 if (bss)
543 printk(KERN_DEBUG " sta_find_ibss: selected %pM current " 543 printk(KERN_DEBUG " sta_find_ibss: selected %pM current "
544 "%pM\n", bss->cbss.bssid, ifibss->bssid); 544 "%pM\n", bss->cbss.bssid, ifibss->bssid);
545#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 545#endif /* CONFIG_MAC80211_IBSS_DEBUG */
546 546
547 if (bss && !memcmp(ifibss->bssid, bss->cbss.bssid, ETH_ALEN)) {
548 printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM" 547 printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM"
549 " based on configured SSID\n", 548 " based on configured SSID\n",
550 sdata->dev->name, bss->cbss.bssid); 549 sdata->dev->name, bss->cbss.bssid);
@@ -552,8 +551,7 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
552 ieee80211_sta_join_ibss(sdata, bss); 551 ieee80211_sta_join_ibss(sdata, bss);
553 ieee80211_rx_bss_put(local, bss); 552 ieee80211_rx_bss_put(local, bss);
554 return; 553 return;
555 } else if (bss) 554 }
556 ieee80211_rx_bss_put(local, bss);
557 555
558#ifdef CONFIG_MAC80211_IBSS_DEBUG 556#ifdef CONFIG_MAC80211_IBSS_DEBUG
559 printk(KERN_DEBUG " did not try to join ibss\n"); 557 printk(KERN_DEBUG " did not try to join ibss\n");
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index e12a786e26b8..29b82e98effa 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -259,7 +259,7 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local,
259 * @hwmp_ie: hwmp information element (PREP or PREQ) 259 * @hwmp_ie: hwmp information element (PREP or PREQ)
260 * 260 *
261 * This function updates the path routing information to the originator and the 261 * This function updates the path routing information to the originator and the
262 * transmitter of a HWMP PREQ or PREP fram. 262 * transmitter of a HWMP PREQ or PREP frame.
263 * 263 *
264 * Returns: metric to frame originator or 0 if the frame should not be further 264 * Returns: metric to frame originator or 0 if the frame should not be further
265 * processed 265 * processed
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 71220a5d1406..dcc14e99227c 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1463,8 +1463,7 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1463 if (status_code != WLAN_STATUS_SUCCESS) { 1463 if (status_code != WLAN_STATUS_SUCCESS) {
1464 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", 1464 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1465 sdata->dev->name, status_code); 1465 sdata->dev->name, status_code);
1466 list_del(&wk->list); 1466 wk->state = IEEE80211_MGD_STATE_IDLE;
1467 kfree(wk);
1468 return RX_MGMT_CFG80211_ASSOC; 1467 return RX_MGMT_CFG80211_ASSOC;
1469 } 1468 }
1470 1469
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index db4bda681ec9..eaa4118de988 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1445,7 +1445,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1445 if (tmp_sdata->vif.type != NL80211_IFTYPE_AP) 1445 if (tmp_sdata->vif.type != NL80211_IFTYPE_AP)
1446 continue; 1446 continue;
1447 if (compare_ether_addr(tmp_sdata->dev->dev_addr, 1447 if (compare_ether_addr(tmp_sdata->dev->dev_addr,
1448 hdr->addr2)) { 1448 hdr->addr2) == 0) {
1449 dev_hold(tmp_sdata->dev); 1449 dev_hold(tmp_sdata->dev);
1450 dev_put(sdata->dev); 1450 dev_put(sdata->dev);
1451 sdata = tmp_sdata; 1451 sdata = tmp_sdata;
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 33e68f20ec61..95ef64e4189a 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -984,10 +984,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
984 goto out_put; 984 goto out_put;
985 985
986 size_max = po->tx_ring.frame_size 986 size_max = po->tx_ring.frame_size
987 - sizeof(struct skb_shared_info) 987 - (po->tp_hdrlen - sizeof(struct sockaddr_ll));
988 - po->tp_hdrlen
989 - LL_ALLOCATED_SPACE(dev)
990 - sizeof(struct sockaddr_ll);
991 988
992 if (size_max > dev->mtu + reserve) 989 if (size_max > dev->mtu + reserve)
993 size_max = dev->mtu + reserve; 990 size_max = dev->mtu + reserve;
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 2a33d8bc886b..68b321997d4c 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -358,6 +358,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
358 struct wireless_dev *wdev); 358 struct wireless_dev *wdev);
359 359
360void cfg80211_conn_work(struct work_struct *work); 360void cfg80211_conn_work(struct work_struct *work);
361void cfg80211_sme_failed_assoc(struct wireless_dev *wdev);
361bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); 362bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev);
362 363
363/* internal helpers */ 364/* internal helpers */
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 1f87b4e7f4f7..83c2a288dc63 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -62,6 +62,7 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
62 u8 *ie = mgmt->u.assoc_resp.variable; 62 u8 *ie = mgmt->u.assoc_resp.variable;
63 int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 63 int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable);
64 struct cfg80211_internal_bss *bss = NULL; 64 struct cfg80211_internal_bss *bss = NULL;
65 bool need_connect_result = true;
65 66
66 wdev_lock(wdev); 67 wdev_lock(wdev);
67 68
@@ -94,6 +95,14 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
94 } 95 }
95 96
96 WARN_ON(!bss); 97 WARN_ON(!bss);
98 } else if (wdev->conn) {
99 cfg80211_sme_failed_assoc(wdev);
100 need_connect_result = false;
101 /*
102 * do not call connect_result() now because the
103 * sme will schedule work that does it later.
104 */
105 goto out;
97 } 106 }
98 107
99 if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) { 108 if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) {
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index d3624152f7f7..98a3b7efac4c 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -26,6 +26,7 @@ struct cfg80211_conn {
26 CFG80211_CONN_AUTHENTICATING, 26 CFG80211_CONN_AUTHENTICATING,
27 CFG80211_CONN_ASSOCIATE_NEXT, 27 CFG80211_CONN_ASSOCIATE_NEXT,
28 CFG80211_CONN_ASSOCIATING, 28 CFG80211_CONN_ASSOCIATING,
29 CFG80211_CONN_DEAUTH_ASSOC_FAIL,
29 } state; 30 } state;
30 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; 31 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
31 u8 *ie; 32 u8 *ie;
@@ -148,6 +149,12 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev)
148 NULL, 0, 149 NULL, 0,
149 WLAN_REASON_DEAUTH_LEAVING); 150 WLAN_REASON_DEAUTH_LEAVING);
150 return err; 151 return err;
152 case CFG80211_CONN_DEAUTH_ASSOC_FAIL:
153 __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
154 NULL, 0,
155 WLAN_REASON_DEAUTH_LEAVING);
156 /* return an error so that we call __cfg80211_connect_result() */
157 return -EINVAL;
151 default: 158 default:
152 return 0; 159 return 0;
153 } 160 }
@@ -158,6 +165,7 @@ void cfg80211_conn_work(struct work_struct *work)
158 struct cfg80211_registered_device *rdev = 165 struct cfg80211_registered_device *rdev =
159 container_of(work, struct cfg80211_registered_device, conn_work); 166 container_of(work, struct cfg80211_registered_device, conn_work);
160 struct wireless_dev *wdev; 167 struct wireless_dev *wdev;
168 u8 bssid[ETH_ALEN];
161 169
162 rtnl_lock(); 170 rtnl_lock();
163 cfg80211_lock_rdev(rdev); 171 cfg80211_lock_rdev(rdev);
@@ -173,10 +181,10 @@ void cfg80211_conn_work(struct work_struct *work)
173 wdev_unlock(wdev); 181 wdev_unlock(wdev);
174 continue; 182 continue;
175 } 183 }
184 memcpy(bssid, wdev->conn->params.bssid, ETH_ALEN);
176 if (cfg80211_conn_do_work(wdev)) 185 if (cfg80211_conn_do_work(wdev))
177 __cfg80211_connect_result( 186 __cfg80211_connect_result(
178 wdev->netdev, 187 wdev->netdev, bssid,
179 wdev->conn->params.bssid,
180 NULL, 0, NULL, 0, 188 NULL, 0, NULL, 0,
181 WLAN_STATUS_UNSPECIFIED_FAILURE, 189 WLAN_STATUS_UNSPECIFIED_FAILURE,
182 false, NULL); 190 false, NULL);
@@ -337,6 +345,15 @@ bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev)
337 return true; 345 return true;
338} 346}
339 347
348void cfg80211_sme_failed_assoc(struct wireless_dev *wdev)
349{
350 struct wiphy *wiphy = wdev->wiphy;
351 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
352
353 wdev->conn->state = CFG80211_CONN_DEAUTH_ASSOC_FAIL;
354 schedule_work(&rdev->conn_work);
355}
356
340void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, 357void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
341 const u8 *req_ie, size_t req_ie_len, 358 const u8 *req_ie, size_t req_ie_len,
342 const u8 *resp_ie, size_t resp_ie_len, 359 const u8 *resp_ie, size_t resp_ie_len,