patch staging-wlan-ng-p80211conv.c-copy-code-from-wlan-ng-devel-branch-to-not-drop-packets.patch added to gregkh-2.6 tree

All of lore.kernel.org
 help / color / mirror / Atom feed

From: <gregkh@suse.de>
To: richard@rsk.demon.co.uk, gregkh@suse.de, linux-kernel@vger.kernel.org
Subject: patch staging-wlan-ng-p80211conv.c-copy-code-from-wlan-ng-devel-branch-to-not-drop-packets.patch added to gregkh-2.6 tree
Date: Wed, 12 Nov 2008 15:15:56 -0800	[thread overview]
Message-ID: <12265317563426@kroah.org> (raw)
In-Reply-To: <1225711494.3113.34.camel@castor.localdomain>


This is a note to let you know that I've just added the patch titled

    Subject: Staging: wlan-ng: p80211conv.c copy code from wlan-ng-devel branch to not drop packets

to my gregkh-2.6 tree.  Its filename is

    staging-wlan-ng-p80211conv.c-copy-code-from-wlan-ng-devel-branch-to-not-drop-packets.patch

This tree can be found at 
    http://www.kernel.org/pub/linux/kernel/people/gregkh/gregkh-2.6/patches/


>From richard@rsk.demon.co.uk  Wed Nov 12 14:31:45 2008
From: Richard Kennedy <richard@rsk.demon.co.uk>
Date: Mon, 03 Nov 2008 11:24:54 +0000
Subject: Staging: wlan-ng: p80211conv.c copy code from wlan-ng-devel branch to not drop packets
To: gregkh <gregkh@suse.de>
Cc: lkml <linux-kernel@vger.kernel.org>
Message-ID: <1225711494.3113.34.camel@castor.localdomain>


allow card to correctly receive network packets,
without this change all incoming packets are dropped.
code copied from the latest wlan-ng-devel tree.

Signed-off-by: Richard Kennedy <richard@rsk.demon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/staging/wlan-ng/p80211conv.c |   49 ++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

--- a/drivers/staging/wlan-ng/p80211conv.c
+++ b/drivers/staging/wlan-ng/p80211conv.c
@@ -377,6 +377,14 @@ int skb_p80211_to_ether( wlandevice_t *w
 	     (memcmp(saddr, e_hdr->saddr, WLAN_ETHADDR_LEN) == 0))) {
 		WLAN_LOG_DEBUG(3, "802.3 ENCAP len: %d\n", payload_length);
 		/* 802.3 Encapsulated */
+		/* Test for an overlength frame */
+		if ( payload_length > (netdev->mtu + WLAN_ETHHDR_LEN)) {
+			/* A bogus length ethfrm has been encap'd. */
+			/* Is someone trying an oflow attack? */
+			WLAN_LOG_ERROR("ENCAP frame too large (%d > %d)\n",
+				payload_length, netdev->mtu + WLAN_ETHHDR_LEN);
+			return 1;
+		}
 
 		/* Chop off the 802.11 header.  it's already sane. */
 		skb_pull(skb, payload_offset);
@@ -396,6 +404,15 @@ int skb_p80211_to_ether( wlandevice_t *w
 		/* it's a SNAP + RFC1042 frame && protocol is in STT */
 		/* build 802.3 + RFC1042 */
 
+		/* Test for an overlength frame */
+		if ( payload_length > netdev->mtu ) {
+			/* A bogus length ethfrm has been sent. */
+			/* Is someone trying an oflow attack? */
+			WLAN_LOG_ERROR("SNAP frame too large (%d > %d)\n",
+				payload_length, netdev->mtu);
+			return 1;
+		}
+
 		/* chop 802.11 header from skb. */
 		skb_pull(skb, payload_offset);
 
@@ -416,6 +433,18 @@ int skb_p80211_to_ether( wlandevice_t *w
 		/* it's an 802.1h frame || (an RFC1042 && protocol is not in STT) */
 		/* build a DIXII + RFC894 */
 
+		/* Test for an overlength frame */
+		if ((payload_length - sizeof(wlan_llc_t) - sizeof(wlan_snap_t))
+		    > netdev->mtu) {
+			/* A bogus length ethfrm has been sent. */
+			/* Is someone trying an oflow attack? */
+			WLAN_LOG_ERROR("DIXII frame too large (%ld > %d)\n",
+					(long int) (payload_length - sizeof(wlan_llc_t) -
+						    sizeof(wlan_snap_t)),
+					netdev->mtu);
+			return 1;
+		}
+
 		/* chop 802.11 header from skb. */
 		skb_pull(skb, payload_offset);
 
@@ -440,6 +469,16 @@ int skb_p80211_to_ether( wlandevice_t *w
 		/*  build an 802.3 frame */
 		/* allocate space and setup hostbuf */
 
+		/* Test for an overlength frame */
+		if ( payload_length > netdev->mtu ) {
+			/* A bogus length ethfrm has been sent. */
+			/* Is someone trying an oflow attack? */
+			WLAN_LOG_ERROR("OTHER frame too large (%d > %d)\n",
+				payload_length,
+				netdev->mtu);
+			return 1;
+		}
+
 		/* Chop off the 802.11 header. */
 		skb_pull(skb, payload_offset);
 
@@ -454,8 +493,16 @@ int skb_p80211_to_ether( wlandevice_t *w
 
 	}
 
+        /*
+         * Note that eth_type_trans() expects an skb w/ skb->data pointing
+         * at the MAC header, it then sets the following skb members:
+         * skb->mac_header,
+         * skb->data, and
+         * skb->pkt_type.
+         * It then _returns_ the value that _we're_ supposed to stuff in
+         * skb->protocol.  This is nuts.
+         */
 	skb->protocol = eth_type_trans(skb, netdev);
-	skb_reset_mac_header(skb);
 
         /* jkriegl: process signal and noise as set in hfa384x_int_rx() */
 	/* jkriegl: only process signal/noise if requested by iwspy */


Patches currently in gregkh-2.6 which might be from richard@rsk.demon.co.uk are

staging/staging-wlan-ng-hfa384x_usb.c-use-newest-version-of-384x_drvr_start.patch
staging/staging-wlan-ng-hfa384x_usbin_callback-check-for-hardware-removed.patch
staging/staging-wlan-ng-p80211conv.c-copy-code-from-wlan-ng-devel-branch-to-not-drop-packets.patch
staging/staging-wlan-ng-p80211netdev.c-fix-netdev-alloc-to-prevent-oops-on-device-start.patch
staging/staging-wlan-ng-p80211wext.c-add-latest-changes-remove-extra-nulls-from-wext_handlers.patch
staging/staging-wlan-ng-p80211wext-don-t-set-default-key-id-twice.patch
staging/staging-wlan-ng-prism2_usb.c-always-enable-the-card-in-probe_usb.patch

     prev parent reply	other threads:[~2008-11-12 23:25 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-11-03 11:05 [PATCH 0/8] staging/wlan-ng: apply changes from wlan-ng-devel that get the driver working Richard Kennedy
2008-11-03 11:09 ` [PATCH 1/8] p80211netdev.c fix netdev alloc to prevent oops on device start Richard Kennedy
2008-11-03 11:13 ` [PATCH 2/8] prism2_usb.c always enable the card in probe_usb Richard Kennedy
2008-11-03 11:25   ` Oliver Neukum
2008-11-03 11:47     ` Richard Kennedy
2008-11-03 11:16 ` [PATCH 3/8] hfa384x_usb.c use newest version of 384x_drvr_start Richard Kennedy
2008-11-03 11:18 ` [PATCH 4/8] p80211netdev.c correctly enable wext handlers Richard Kennedy
2008-11-12 22:30   ` Greg KH
2008-11-03 11:20 ` [PATCH 5/8] p80211wext.c add latest changes & remove extra nulls from wext_handlers Richard Kennedy
2008-11-03 11:21 ` [PATCH 6/8] p80211wext don't set default key id twice Richard Kennedy
2008-11-03 11:22 ` [PATCH 7/8] hfa384x_usbin_callback: check for hardware removed Richard Kennedy
2008-11-03 11:24 ` [PATCH 8/8] p80211conv.c copy code from wlan-ng-devel branch to not drop packets Richard Kennedy
2008-11-12 23:15   ` gregkh [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=12265317563426@kroah.org \
    --to=gregkh@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=richard@rsk.demon.co.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.