mac80211: add length check in ieee80211_is_robust_mgmt_frame()

A few places weren't checking that the frame passed to the function actually has enough data even though the function clearly documents it must have a payload byte. Make this safer by changing the function to take an skb and checking the length inside. The old version is preserved for now as the rtl* drivers use it and don't have a correct skb. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2014-01-23 16:20:29 +0100
committer: Johannes Berg <johannes.berg@intel.com> 2014-02-04 21:58:07 +0100
commit: d8ca16db6bb23d03fcb794df44bae64ae976f27c (patch)
tree: f577a829374c0f9daba8bf70e1ea3d6ac107089c /net/mac80211/wpa.c
parent: ae811e21df28deb4c2adab0a47fc3da4f56d777b (diff)
download: linux-d8ca16db6bb23d03fcb794df44bae64ae976f27c.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 4aed45c8ee3b..b8600e3c29c8 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -494,7 +494,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
 
 	if (!ieee80211_is_data(hdr->frame_control) &&
-	    !ieee80211_is_robust_mgmt_frame(hdr))
+	    !ieee80211_is_robust_mgmt_frame(skb))
 		return RX_CONTINUE;
 
 	data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN -
author	Johannes Berg <johannes.berg@intel.com>	2014-01-23 16:20:29 +0100
committer	Johannes Berg <johannes.berg@intel.com>	2014-02-04 21:58:07 +0100
commit	d8ca16db6bb23d03fcb794df44bae64ae976f27c (patch)
tree	f577a829374c0f9daba8bf70e1ea3d6ac107089c /net/mac80211/wpa.c
parent	ae811e21df28deb4c2adab0a47fc3da4f56d777b (diff)
download	linux-d8ca16db6bb23d03fcb794df44bae64ae976f27c.tar.bz2