public inbox for linux-wireless@vger.kernel.org
* [PATCH] mac80211: fix basic rate bitmap calculation
From: Johannes Berg @ 2009-04-19 11:22 UTC (permalink / raw)
  To: John Linville; +Cc: linux-wireless, Tomas Winkler, Jouni Malinen

    commit d61272cbb35fa1c08fe94898583d880256f2dbd3
    Author: Tomas Winkler <tomas.winkler@intel.com>
    Date:   Thu Oct 30 17:08:08 2008 +0200

        mac80211: fix basic rates setting from association response
        
        In previous code all the rates were marked as basic.
        
        Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
        Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
        Signed-off-by: John W. Linville <linville@tuxdriver.com>

introduced a copy/paste error (see patch).

Unfortunately, this not just leads to wrong data being passed
to the driver but is remotely exploitable for some hardware or
driver combinations.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: stable@kernel.org [2.6.29]
---
 net/mac80211/mlme.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- wireless-testing.orig/net/mac80211/mlme.c	2009-04-19 12:27:46.000000000 +0200
+++ wireless-testing/net/mac80211/mlme.c	2009-04-19 12:27:51.000000000 +0200
@@ -1577,7 +1577,7 @@ static void ieee80211_rx_mgmt_assoc_resp
 
 	for (i = 0; i < elems.ext_supp_rates_len; i++) {
 		int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
-		bool is_basic = !!(elems.supp_rates[i] & 0x80);
+		bool is_basic = !!(elems.ext_supp_rates[i] & 0x80);
 
 		if (rate > 110)
 			have_higher_than_11mbit = true;
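
Review bot: in the loop bounded by elems.ext_supp_rates_len, rate and is_basic each index the element array on their own line, which is how the removed line could read elems.supp_rates[i] under a length that belongs to a different array. Reading elems.ext_supp_rates[i] once into a local at the top of the loop body and deriving both rate and is_basic from it would keep the array and its bound from diverging again. The changelog also says the bug is remotely exploitable without naming the failure mode; one sentence on what the mismatched index actually does would help anyone assessing the 2.6.29 stable backport.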


