mac80211: fix action frame length checks
The action frame length checks are one too small, there's not just an action code as the comment makes you believe, there's a category code too, and the category code is required in each action frame (hence part of IEEE80211_MIN_ACTION_SIZE). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Johannes Berg
committed by
John W. Linville
John W. Linville
parent
5bda617576
commit
9c80d3dc27
@@ -421,6 +421,10 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
|
||||
DECLARE_MAC_BUF(mac);
|
||||
#endif
|
||||
|
||||
/* need action_code, aux */
|
||||
if (len < IEEE80211_MIN_ACTION_SIZE + 3)
|
||||
return;
|
||||
|
||||
if (is_multicast_ether_addr(mgmt->da)) {
|
||||
mpl_dbg("Mesh plink: ignore frame from multicast address");
|
||||
return;
|
||||
|
||||
Reference in New Issue
Block a user