LinuxLists.cc - [PATCH 1/2] mac80211: check for mesh_config length on incoming management frames

2008-04-01 01:03:15

Subject: [PATCH 1/2] mac80211: check for mesh_config length on incoming management frames

Signed-off-by: Luis Carlos Cobo <[email protected]>
---
net/mac80211/ieee80211_sta.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
index cfe6fcc..feec201 100644
--- a/net/mac80211/ieee80211_sta.c
+++ b/net/mac80211/ieee80211_sta.c
@@ -2153,11 +2153,14 @@ ieee80211_rx_mesh_bss_get(struct net_device *dev, u8 *mesh_id, int mesh_id_len,

static struct ieee80211_sta_bss *
ieee80211_rx_mesh_bss_add(struct net_device *dev, u8 *mesh_id, int mesh_id_len,
- u8 *mesh_cfg, int freq)
+ u8 *mesh_cfg, int mesh_config_len, int freq)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_sta_bss *bss;

+ if (mesh_config_len != MESH_CFG_LEN)
+ return NULL;
+
bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
if (!bss)
return NULL;
@@ -2530,7 +2533,8 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
#ifdef CONFIG_MAC80211_MESH
if (elems.mesh_config)
bss = ieee80211_rx_mesh_bss_add(dev, elems.mesh_id,
- elems.mesh_id_len, elems.mesh_config, freq);
+ elems.mesh_id_len, elems.mesh_config,
+ elems.mesh_config_len, freq);
else
#endif
bss = ieee80211_rx_bss_add(dev, mgmt->bssid, freq,
--
1.5.4.3

2008-04-01 11:59:20

by Johannes Berg

[permalink] [raw]

Subject: Re: [PATCH 1/2] mac80211: check for mesh_config length on incoming management frames

Indeed :)
Acked-by: Johannes Berg <[email protected]>

> ---
> net/mac80211/ieee80211_sta.c | 8 ++++++--
> 1 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
> index cfe6fcc..feec201 100644
> --- a/net/mac80211/ieee80211_sta.c
> +++ b/net/mac80211/ieee80211_sta.c
> @@ -2153,11 +2153,14 @@ ieee80211_rx_mesh_bss_get(struct net_device *dev, u8 *mesh_id, int mesh_id_len,
>
> static struct ieee80211_sta_bss *
> ieee80211_rx_mesh_bss_add(struct net_device *dev, u8 *mesh_id, int mesh_id_len,
> - u8 *mesh_cfg, int freq)
> + u8 *mesh_cfg, int mesh_config_len, int freq)
> {
> struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
> struct ieee80211_sta_bss *bss;
>
> + if (mesh_config_len != MESH_CFG_LEN)
> + return NULL;
> +
> bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
> if (!bss)
> return NULL;
> @@ -2530,7 +2533,8 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
> #ifdef CONFIG_MAC80211_MESH
> if (elems.mesh_config)
> bss = ieee80211_rx_mesh_bss_add(dev, elems.mesh_id,
> - elems.mesh_id_len, elems.mesh_config, freq);
> + elems.mesh_id_len, elems.mesh_config,
> + elems.mesh_config_len, freq);
> else
> #endif
> bss = ieee80211_rx_bss_add(dev, mgmt->bssid, freq,

Attachments:

signature.asc (828.00 B)
This is a digitally signed message part