patch staging-wlan-ng-p80211conv.c-copy-code-from-wlan-ng-devel-branch-to-not-drop-packets.patch added to gregkh-2.6 tree

LKML Archive on lore.kernel.org
help / color / mirror / Atom feed

From: <gregkh@suse.de>
To: richard@rsk.demon.co.uk, gregkh@suse.de, linux-kernel@vger.kernel.org
Subject: patch staging-wlan-ng-p80211conv.c-copy-code-from-wlan-ng-devel-branch-to-not-drop-packets.patch added to gregkh-2.6 tree
Date: Wed, 12 Nov 2008 15:15:56 -0800	[thread overview]
Message-ID: <12265317563426@kroah.org> (raw)
In-Reply-To: <1225711494.3113.34.camel@castor.localdomain>


This is a note to let you know that I've just added the patch titled

    Subject: Staging: wlan-ng: p80211conv.c copy code from wlan-ng-devel branch to not drop packets

to my gregkh-2.6 tree.  Its filename is

    staging-wlan-ng-p80211conv.c-copy-code-from-wlan-ng-devel-branch-to-not-drop-packets.patch

This tree can be found at 
    http://www.kernel.org/pub/linux/kernel/people/gregkh/gregkh-2.6/patches/


>From richard@rsk.demon.co.uk  Wed Nov 12 14:31:45 2008
From: Richard Kennedy <richard@rsk.demon.co.uk>
Date: Mon, 03 Nov 2008 11:24:54 +0000
Subject: Staging: wlan-ng: p80211conv.c copy code from wlan-ng-devel branch to not drop packets
To: gregkh <gregkh@suse.de>
Cc: lkml <linux-kernel@vger.kernel.org>
Message-ID: <1225711494.3113.34.camel@castor.localdomain>


allow card to correctly receive network packets,
without this change all incoming packets are dropped.
code copied from the latest wlan-ng-devel tree.

Signed-off-by: Richard Kennedy <richard@rsk.demon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/staging/wlan-ng/p80211conv.c |   49 ++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

--- a/drivers/staging/wlan-ng/p80211conv.c
+++ b/drivers/staging/wlan-ng/p80211conv.c
@@ -377,6 +377,14 @@ int skb_p80211_to_ether( wlandevice_t *w
 	     (memcmp(saddr, e_hdr->saddr, WLAN_ETHADDR_LEN) == 0))) {
 		WLAN_LOG_DEBUG(3, "802.3 ENCAP len: %d\n", payload_length);
 		/* 802.3 Encapsulated */
+		/* Test for an overlength frame */
+		if ( payload_length > (netdev->mtu + WLAN_ETHHDR_LEN)) {
+			/* A bogus length ethfrm has been encap'd. */
+			/* Is someone trying an oflow attack? */
+			WLAN_LOG_ERROR("ENCAP frame too large (%d > %d)\n",
+				payload_length, netdev->mtu + WLAN_ETHHDR_LEN);
+			return 1;
+		}
 
 		/* Chop off the 802.11 header.  it's already sane. */
 		skb_pull(skb, payload_offset);
@@ -396,6 +404,15 @@ int skb_p80211_to_ether( wlandevice_t *w
 		/* it's a SNAP + RFC1042 frame && protocol is in STT */
 		/* build 802.3 + RFC1042 */
 
+		/* Test for an overlength frame */
+		if ( payload_length > netdev->mtu ) {
+			/* A bogus length ethfrm has been sent. */
+			/* Is someone trying an oflow attack? */
+			WLAN_LOG_ERROR("SNAP frame too large (%d > %d)\n",
+				payload_length, netdev->mtu);
+			return 1;
+		}
+
 		/* chop 802.11 header from skb. */
 		skb_pull(skb, payload_offset);
 
@@ -416,6 +433,18 @@ int skb_p80211_to_ether( wlandevice_t *w
 		/* it's an 802.1h frame || (an RFC1042 && protocol is not in STT) */
 		/* build a DIXII + RFC894 */
 
+		/* Test for an overlength frame */
+		if ((payload_length - sizeof(wlan_llc_t) - sizeof(wlan_snap_t))
+		    > netdev->mtu) {
+			/* A bogus length ethfrm has been sent. */
+			/* Is someone trying an oflow attack? */
+			WLAN_LOG_ERROR("DIXII frame too large (%ld > %d)\n",
+					(long int) (payload_length - sizeof(wlan_llc_t) -
+						    sizeof(wlan_snap_t)),
+					netdev->mtu);
+			return 1;
+		}
+
 		/* chop 802.11 header from skb. */
 		skb_pull(skb, payload_offset);
 
@@ -440,6 +469,16 @@ int skb_p80211_to_ether( wlandevice_t *w
 		/*  build an 802.3 frame */
 		/* allocate space and setup hostbuf */
 
+		/* Test for an overlength frame */
+		if ( payload_length > netdev->mtu ) {
+			/* A bogus length ethfrm has been sent. */
+			/* Is someone trying an oflow attack? */
+			WLAN_LOG_ERROR("OTHER frame too large (%d > %d)\n",
+				payload_length,
+				netdev->mtu);
+			return 1;
+		}
+
 		/* Chop off the 802.11 header. */
 		skb_pull(skb, payload_offset);
 
@@ -454,8 +493,16 @@ int skb_p80211_to_ether( wlandevice_t *w
 
 	}
 
+        /*
+         * Note that eth_type_trans() expects an skb w/ skb->data pointing
+         * at the MAC header, it then sets the following skb members:
+         * skb->mac_header,
+         * skb->data, and
+         * skb->pkt_type.
+         * It then _returns_ the value that _we're_ supposed to stuff in
+         * skb->protocol.  This is nuts.
+         */
 	skb->protocol = eth_type_trans(skb, netdev);
-	skb_reset_mac_header(skb);
 
         /* jkriegl: process signal and noise as set in hfa384x_int_rx() */
 	/* jkriegl: only process signal/noise if requested by iwspy */


Patches currently in gregkh-2.6 which might be from richard@rsk.demon.co.uk are

staging/staging-wlan-ng-hfa384x_usb.c-use-newest-version-of-384x_drvr_start.patch
staging/staging-wlan-ng-hfa384x_usbin_callback-check-for-hardware-removed.patch
staging/staging-wlan-ng-p80211conv.c-copy-code-from-wlan-ng-devel-branch-to-not-drop-packets.patch
staging/staging-wlan-ng-p80211netdev.c-fix-netdev-alloc-to-prevent-oops-on-device-start.patch
staging/staging-wlan-ng-p80211wext.c-add-latest-changes-remove-extra-nulls-from-wext_handlers.patch
staging/staging-wlan-ng-p80211wext-don-t-set-default-key-id-twice.patch
staging/staging-wlan-ng-prism2_usb.c-always-enable-the-card-in-probe_usb.patch

     prev parent reply	other threads:[~2008-11-12 23:25 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-11-03 11:05 [PATCH 0/8] staging/wlan-ng: apply changes from wlan-ng-devel that get the driver working Richard Kennedy
2008-11-03 11:09 ` [PATCH 1/8] p80211netdev.c fix netdev alloc to prevent oops on device start Richard Kennedy
2008-11-03 11:13 ` [PATCH 2/8] prism2_usb.c always enable the card in probe_usb Richard Kennedy
2008-11-03 11:25   ` Oliver Neukum
2008-11-03 11:47     ` Richard Kennedy
2008-11-03 11:16 ` [PATCH 3/8] hfa384x_usb.c use newest version of 384x_drvr_start Richard Kennedy
2008-11-03 11:18 ` [PATCH 4/8] p80211netdev.c correctly enable wext handlers Richard Kennedy
2008-11-12 22:30   ` Greg KH
2008-11-03 11:20 ` [PATCH 5/8] p80211wext.c add latest changes & remove extra nulls from wext_handlers Richard Kennedy
2008-11-03 11:21 ` [PATCH 6/8] p80211wext don't set default key id twice Richard Kennedy
2008-11-03 11:22 ` [PATCH 7/8] hfa384x_usbin_callback: check for hardware removed Richard Kennedy
2008-11-03 11:24 ` [PATCH 8/8] p80211conv.c copy code from wlan-ng-devel branch to not drop packets Richard Kennedy
2008-11-12 23:15   ` gregkh [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=12265317563426@kroah.org \
    --to=gregkh@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=richard@rsk.demon.co.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).