1 diff -urN madwifi-ng-r2377-20070526.old/net80211/ieee80211_input.c madwifi-ng-r2377-20070526.dev/net80211/ieee80211_input.c
2 --- madwifi-ng-r2377-20070526.old/net80211/ieee80211_input.c 2007-05-21 17:53:39.000000000 +0200
3 +++ madwifi-ng-r2377-20070526.dev/net80211/ieee80211_input.c 2007-05-26 18:51:09.027715120 +0200
6 /* NB: assumes linear (i.e., non-fragmented) skb */
8 + /* check length > header */
9 + if (skb->len < sizeof(struct ether_header) + LLC_SNAPFRAMELEN
10 + + roundup(sizeof(struct athl2p_tunnel_hdr) - 2, 4) + 2) {
11 + IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
12 + ni->ni_macaddr, "data", "%s", "decap error");
13 + vap->iv_stats.is_rx_decap++;
14 + IEEE80211_NODE_STAT(ni, rx_decap);
18 /* get to the tunneled headers */
19 ath_hdr = (struct athl2p_tunnel_hdr *)
20 skb_pull(skb, sizeof(struct ether_header) + LLC_SNAPFRAMELEN);
21 - /* ignore invalid frames */
23 + eh_tmp = (struct ether_header *)
24 + skb_pull(skb, roundup(sizeof(struct athl2p_tunnel_hdr) - 2, 4) + 2);
25 + /* sanity check for malformed 802.3 length */
26 + frame_len = ntohs(eh_tmp->ether_type);
27 + if (skb->len < roundup(sizeof(struct ether_header) + frame_len, 4)) {
28 + IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
29 + ni->ni_macaddr, "data", "%s", "decap error");
30 + vap->iv_stats.is_rx_decap++;
31 + IEEE80211_NODE_STAT(ni, rx_decap);
36 /* only implementing FF now. drop all others. */
37 if (ath_hdr->proto != ATH_L2TUNNEL_PROTO_FF) {
38 IEEE80211_DISCARD_MAC(vap,
41 vap->iv_stats.is_rx_ffcnt++;
43 - /* move past the tunneled header, with alignment */
44 - skb_pull(skb, roundup(sizeof(struct athl2p_tunnel_hdr) - 2, 4) + 2);
45 - eh_tmp = (struct ether_header *)skb->data;
47 /* ether_type must be length as FF frames are always LLC/SNAP encap'd */
48 frame_len = ntohs(eh_tmp->ether_type);
projects / openwrt / svn-archive / archive.git / blob