[PATCH] Fix LAPB windowsize check

[Diego Calleja <diegocg@gmail.com>]

In bug #6954, Norbert Reinartz reported the following issue:

"Function lapb_setparms() in file net/lapb/lapb_iface.c checks if the given
parameters are valid. If the given window size is in the range of 8 .. 127,
lapb_setparms() fails and returns an error value of LAPB_INVALUE, even if bit
LAPB_EXTENDED in parms->mode is set.
If bit LAPB_EXTENDED in parms->mode is set and the window size is in the range
of 8 .. 127, the first check "(parms->mode & LAPB_EXTENDED)" results true  and
the second check "(parms->window < 1 || parms->window > 127)" results false.
Both checks in conjunction result to false, thus the third check "(parms->window
< 1 || parms->window > 7)" is done by fault.
This third check results true, so that we leave lapb_setparms() by 'goto out_put'.
Seems that this bug doesn't cause any problems, because lapb_setparms() isn't
used to change the default values of LAPB. We are using kernel lapb in our
software project and also change the default parameters of lapb, so we found
this bug"


He also pasted a fix, that I've transformated into a patch:

Signed-off-by: Diego Calleja <diegocg@gmail.com>

Index: 2.6/net/lapb/lapb_iface.c
===================================================================
--- 2.6.orig/net/lapb/lapb_iface.c	2006-08-03 18:40:13.000000000 +0200
+++ 2.6/net/lapb/lapb_iface.c	2006-08-03 18:44:37.000000000 +0200
@@ -238,10 +238,13 @@
 		goto out_put;
 
 	if (lapb->state == LAPB_STATE_0) {
-		if (((parms->mode & LAPB_EXTENDED) &&
-		     (parms->window < 1 || parms->window > 127)) ||
-		    (parms->window < 1 || parms->window > 7))
-			goto out_put;
+		if (parms->mode & LAPB_EXTENDED) {
+			if (parms->window < 1 || parms->window > 127)
+				goto out_put;
+		}
+		else {
+			if (parms->window < 1 || parms->window > 7)
+				goto out_put;
 
 		lapb->mode    = parms->mode;
 		lapb->window  = parms->window;