diff options
| author | Todd Poynor <toddpoynor@google.com> | 2013-01-15 19:33:11 -0800 |
|---|---|---|
| committer | Todd Poynor <toddpoynor@google.com> | 2013-01-15 19:33:11 -0800 |
| commit | fbad46f30d0ccb24fcadf4fa129d917fd0bfa1fe (patch) | |
| tree | b7ed0216b986c7a0c8f7ab7f2b77191d9b070ead /net/mac80211 | |
| parent | 2627bab94940583e37f36ffa9f635e35a335c33d (diff) | |
| parent | 2a68fec1118107fbaa40c631d45641d40d88ad71 (diff) | |
| download | kernel_samsung_tuna-fbad46f30d0ccb24fcadf4fa129d917fd0bfa1fe.zip kernel_samsung_tuna-fbad46f30d0ccb24fcadf4fa129d917fd0bfa1fe.tar.gz kernel_samsung_tuna-fbad46f30d0ccb24fcadf4fa129d917fd0bfa1fe.tar.bz2 | |
Merge commit 'v3.0.58' into android-3.0
Change-Id: I05959ed26f71cf9197df59291e8e13f254b2115c
Diffstat (limited to 'net/mac80211')
| -rw-r--r-- | net/mac80211/ibss.c | 10 | ||||
| -rw-r--r-- | net/mac80211/rx.c | 16 |
2 files changed, 17 insertions, 9 deletions
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c index 56c24ca..c6399f6 100644 --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c @@ -940,7 +940,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; sdata->u.ibss.ibss_join_req = jiffies; - memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN); + memcpy(sdata->u.ibss.ssid, params->ssid, params->ssid_len); sdata->u.ibss.ssid_len = params->ssid_len; mutex_unlock(&sdata->u.ibss.mtx); @@ -965,10 +965,6 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata) mutex_lock(&sdata->u.ibss.mtx); - sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; - memset(sdata->u.ibss.bssid, 0, ETH_ALEN); - sdata->u.ibss.ssid_len = 0; - active_ibss = ieee80211_sta_active_ibss(sdata); if (!active_ibss && !is_zero_ether_addr(ifibss->bssid)) { @@ -989,6 +985,10 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata) } } + ifibss->state = IEEE80211_IBSS_MLME_SEARCH; + memset(ifibss->bssid, 0, ETH_ALEN); + ifibss->ssid_len = 0; + sta_info_flush(sdata->local, sdata); /* remove beacon */ diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 667f559..785b6e9 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -1352,11 +1352,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) hdr = (struct ieee80211_hdr *)rx->skb->data; fc = hdr->frame_control; + + if (ieee80211_is_ctl(fc)) + return RX_CONTINUE; + sc = le16_to_cpu(hdr->seq_ctrl); frag = sc & IEEE80211_SCTL_FRAG; if (likely((!ieee80211_has_morefrags(fc) && frag == 0) || - (rx->skb)->len < 24 || is_multicast_ether_addr(hdr->addr1))) { /* not fragmented */ goto out; @@ -2768,10 +2771,15 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, test_bit(SCAN_SW_SCANNING, &local->scanning))) status->rx_flags |= IEEE80211_RX_IN_SCAN; - if (ieee80211_is_mgmt(fc)) - err = skb_linearize(skb); - else + if (ieee80211_is_mgmt(fc)) { + /* drop frame if too short for header */ + if (skb->len < ieee80211_hdrlen(fc)) + err = -ENOBUFS; + else + err = skb_linearize(skb); + } else { err = !pskb_may_pull(skb, ieee80211_hdrlen(fc)); + } if (err) { dev_kfree_skb(skb); |