aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2010-02-16 11:05:00 +0100
committerJohn W. Linville <linville@tuxdriver.com>2010-02-16 14:16:24 -0500
commitbef5d1c70d132145c0fc75b3586a19841a9a82e4 (patch)
tree07f657821d0e903d3caea59378d73a903a1237f2 /net
parent04662360854aefcb6337d93701892ad97411fdd0 (diff)
downloadkernel_samsung_smdk4412-bef5d1c70d132145c0fc75b3586a19841a9a82e4.zip
kernel_samsung_smdk4412-bef5d1c70d132145c0fc75b3586a19841a9a82e4.tar.gz
kernel_samsung_smdk4412-bef5d1c70d132145c0fc75b3586a19841a9a82e4.tar.bz2
mac80211: split ieee80211_drop_unencrypted
Currently, ieee80211_drop_unencrypted is called from management and data frame context, and the different contexts pass different frames. This could lead to it processing an 802.3 frame as an 802.11 frame when MFP is enabled. Move the MFP part of ieee80211_drop_unencrypted into a new function that is only called for mgmt frames. Cc: Jouni Malinen <j@w1.fi> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/mac80211/rx.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index a6080d8..b5c48de 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1397,6 +1397,21 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
ieee80211_is_data(fc) &&
(rx->key || rx->sdata->drop_unencrypted)))
return -EACCES;
+
+ return 0;
+}
+
+static int
+ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
+{
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
+ __le16 fc = hdr->frame_control;
+ int res;
+
+ res = ieee80211_drop_unencrypted(rx, fc);
+ if (unlikely(res))
+ return res;
+
if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
rx->key))
@@ -1872,7 +1887,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
if (!(rx->flags & IEEE80211_RX_RA_MATCH))
return RX_DROP_UNUSABLE;
- if (ieee80211_drop_unencrypted(rx, mgmt->frame_control))
+ if (ieee80211_drop_unencrypted_mgmt(rx))
return RX_DROP_UNUSABLE;
switch (mgmt->u.action.category) {
@@ -2014,14 +2029,13 @@ static ieee80211_rx_result debug_noinline
ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
{
struct ieee80211_sub_if_data *sdata = rx->sdata;
- struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
ieee80211_rx_result rxs;
if (!(rx->flags & IEEE80211_RX_RA_MATCH))
return RX_DROP_MONITOR;
- if (ieee80211_drop_unencrypted(rx, mgmt->frame_control))
- return RX_DROP_MONITOR;
+ if (ieee80211_drop_unencrypted_mgmt(rx))
+ return RX_DROP_UNUSABLE;
rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb);
if (rxs != RX_CONTINUE)