From patchwork Tue Apr 15 14:43:07 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bob Copeland X-Patchwork-Id: 3993511 Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 029C4BFF02 for ; Tue, 15 Apr 2014 14:44:19 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 0DCE72021A for ; Tue, 15 Apr 2014 14:44:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 140C120219 for ; Tue, 15 Apr 2014 14:44:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754498AbaDOOoK (ORCPT ); Tue, 15 Apr 2014 10:44:10 -0400 Received: from mail-ob0-f182.google.com ([209.85.214.182]:58724 "EHLO mail-ob0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754399AbaDOOoG (ORCPT ); Tue, 15 Apr 2014 10:44:06 -0400 Received: by mail-ob0-f182.google.com with SMTP id uz6so10962764obc.27 for ; Tue, 15 Apr 2014 07:44:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=mcnDvWIlPCM+c2CG3mK8v1qzxYOlXDQ1d44YvRgvhSE=; b=etOlVnspUzkLRl4TZ8rDxJvMSTimhnaIPg56ePtrbXaSb6hfQoxu9a06nnrhgwargY EvUYne4drRPWdQmpJhPgP/Z+weIMSk4VpGiuvLKq3fJypSohoKj1As3vpDDLhztH7JlI 6k5Qf9Zlp2LIlNOiIRkFENalEP6u56z5j5ZgtxYzvjLcr4NYgkih+BCVlh9C+A3uDyyb h1NsPGtbT+/3BnP7j7QJAH1WKNXlXhySXorXW8AfGvIUjYCGpoTAFKc+ZYDbn+T83lkO jTkWHspyqMUSLqLJWiobjH89Z9V8NrhiPPgd21Kl2CnZEdqSwsZGYoEf++rlYC9RDNFC C3XA== X-Gm-Message-State: ALoCoQmtMsd309px8e28S6KxDKBBQ2wS5EylwDBUYEem+INsj/TK/yxc0mINPJ6m3xFz4L6m/zsE X-Received: by 10.182.153.33 with SMTP id vd1mr517894obb.86.1397573045192; Tue, 15 Apr 2014 07:44:05 -0700 (PDT) Received: from hash ([2001:470:1d:6db:230:48ff:fe9d:9c89]) by mx.google.com with ESMTPSA id ko3sm86349359oeb.1.2014.04.15.07.44.03 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Tue, 15 Apr 2014 07:44:04 -0700 (PDT) Received: from bob by hash with local (Exim 4.80) (envelope-from ) id 1Wa4aJ-0000qJ-SB; Tue, 15 Apr 2014 10:43:39 -0400 From: Bob Copeland To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, devel@lists.open80211s.org, Bob Copeland Subject: [PATCH 2/3] mac80211: fix mesh_add_rsn_ie IE finding loop Date: Tue, 15 Apr 2014 10:43:07 -0400 Message-Id: <1397572988-3181-2-git-send-email-me@bobcopeland.com> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1397572988-3181-1-git-send-email-me@bobcopeland.com> References: <1397572988-3181-1-git-send-email-me@bobcopeland.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Previously, the code to copy the RSN IE from the mesh config would increment its pointer by one in the loop instead of by the element length, so there was the potential for mistaking another IE's data fields as the RSN IE. cfg80211_find_ie() exists, so just use that. Signed-off-by: Bob Copeland --- net/mac80211/mesh.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index 9d29237..b06ddc9 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -366,20 +366,15 @@ int mesh_add_rsn_ie(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) return 0; /* find RSN IE */ - data = ifmsh->ie; - while (data < ifmsh->ie + ifmsh->ie_len) { - if (*data == WLAN_EID_RSN) { - len = data[1] + 2; - break; - } - data++; - } + data = cfg80211_find_ie(WLAN_EID_RSN, ifmsh->ie, ifmsh->ie_len); + if (!data) + return 0; - if (len) { - if (skb_tailroom(skb) < len) - return -ENOMEM; - memcpy(skb_put(skb, len), data, len); - } + len = data[1] + 2; + + if (skb_tailroom(skb) < len) + return -ENOMEM; + memcpy(skb_put(skb, len), data, len); return 0; }