[PATCH] ieee80211: Fix problem with not decrypting broadcast packets
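diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 7a12180..695d047 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -350,6 +350,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
  u8 src[ETH_ALEN];
  struct ieee80211_crypt_data *crypt = NULL;
  int keyidx = 0;
+ int can_be_decrypted = 0;
  hdr = (struct ieee80211_hdr_4addr *)skb->data;
  stats = &ieee->stats;
@@ -410,12 +411,23 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
  return 1;
  }
- if (is_multicast_ether_addr(hdr->addr1)
- ? ieee->host_mc_decrypt : ieee->host_decrypt) {
+ can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) ||
+ is_broadcast_ether_addr(hdr->addr2)) ?
+ ieee->host_mc_decrypt : ieee->host_decrypt;
+
+ if (can_be_decrypted) {
  int idx = 0;
- if (skb->len >= hdrlen + 3)
+ if (skb->len >= hdrlen + 3) {
+ /* Top two-bits of byte 3 are the key index */
  idx = skb->data[hdrlen + 3] >> 6;
+ }
+
+ /* ieee->crypt[] is WEP_KEY (4) in length. Given that idx
+ * is only allowed 2-bits of storage, no value of idx can
+ * be provided via above code that would result in idx
+ * being out of range */
  crypt = ieee->crypt[idx];
+
  #ifdef NOT_YET
  sta = NULL;
@@ -553,7 +565,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
  /* skb: hdr + (possibly fragmented, possibly encrypted) payload */
- if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
+ if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
  (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0)
  goto rx_dropped;
@@ -617,7 +629,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
  /* skb: hdr + (possible reassembled) full MSDU payload; possibly still
  * encrypted/authenticated */
- if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
+ if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
  ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt))
  goto rx_dropped;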
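Review bot: In the second hunk the length guard `if (skb->len >= hdrlen + 3) {` still admits a frame of exactly hdrlen + 3 bytes, yet the statement it protects reads `skb->data[hdrlen + 3]`, one byte past the received data; since the commit rewrites this guard anyway, it should become `if (skb->len >= hdrlen + 4) {`. The frame arrives off the air, so on such a short frame the key slot chosen for `ieee->crypt[idx]` would be derived from whatever byte follows the frame in the buffer. The 2-bit argument in the new comment appears to hold as long as `skb->data` is an unsigned byte pointer, so this is an over-read rather than an out-of-range index. Separately, the reason for testing `is_broadcast_ether_addr(hdr->addr2)` is not stated; addr2 is normally the transmitter address, so a one-line comment naming the frames this is meant to catch would help the next reader. The body of ieee80211_rx starts and ends outside the hunks shown.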