]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blobdiff - releases/3.6.7/mac80211-only-process-mesh-config-header-on-frames-that-ra_match.patch
projects / thirdparty / kernel / stable-queue.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Linux 3.6.7
[thirdparty/kernel/stable-queue.git] / releases / 3.6.7 / mac80211-only-process-mesh-config-header-on-frames-that-ra_match.patch
diff --git a/releases/3.6.7/mac80211-only-process-mesh-config-header-on-frames-that-ra_match.patch b/releases/3.6.7/mac80211-only-process-mesh-config-header-on-frames-that-ra_match.patch
new file mode 100644 (file)
index 0000000..d1f636f
--- /dev/null
+++ b/releases/3.6.7/mac80211-only-process-mesh-config-header-on-frames-that-ra_match.patch
@@ -0,0 +1,43 @@
+From 555cb715be8ef98b8ec362b23dfc254d432a35b1 Mon Sep 17 00:00:00 2001
+From: Javier Cardona <javier@cozybit.com>
+Date: Wed, 24 Oct 2012 12:43:30 -0700
+Subject: mac80211: Only process mesh config header on frames that RA_MATCH
+
+From: Javier Cardona <javier@cozybit.com>
+
+commit 555cb715be8ef98b8ec362b23dfc254d432a35b1 upstream.
+
+Doing otherwise is wrong, and may wreak havoc on the mpp tables,
+specially if the frame is encrypted.
+
+Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
+Signed-off-by: Javier Cardona <javier@cozybit.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/rx.c |    6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -1857,7 +1857,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+           mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata))
+               return RX_DROP_MONITOR;
+-      if (!ieee80211_is_data(hdr->frame_control))
++      if (!ieee80211_is_data(hdr->frame_control) ||
++          !(status->rx_flags & IEEE80211_RX_RA_MATCH))
+               return RX_CONTINUE;
+       if (!mesh_hdr->ttl)
+@@ -1901,9 +1902,6 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+       }
+       skb_set_queue_mapping(skb, q);
+-      if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
+-              goto out;
+-
+       if (!--mesh_hdr->ttl) {
+               IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl);
+               return RX_DROP_MONITOR;
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git