Commit 2cc7add3 authored by Johannes Berg's avatar Johannes Berg
Browse files

wifi: mac80211: move action length check up 



We'd like to add more checks to the function here for
action frames, so move up the length check from the
action processing.

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarGregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230619161906.e799254e923f.I0a1de5f6bbdc1b2ef5efaa0ac80c7c3f39415538@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 7339e0f2

net/mac80211/rx.c

+5 −4
Original line number Diff line number Diff line
@@ -3363,6 +3363,11 @@ ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx) 
	if (!ieee80211_is_mgmt(mgmt->frame_control))

		return RX_DROP_MONITOR;



	/* drop too small action frames */

	if (ieee80211_is_action(mgmt->frame_control) &&

	    rx->skb->len < IEEE80211_MIN_ACTION_SIZE)

		return RX_DROP_UNUSABLE;



	if (rx->sdata->vif.type == NL80211_IFTYPE_AP &&

	    ieee80211_is_beacon(mgmt->frame_control) &&

	    !(rx->flags & IEEE80211_RX_BEACON_REPORTED)) {
@@ -3452,10 +3457,6 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) 
	if (!ieee80211_is_action(mgmt->frame_control))

		return RX_CONTINUE;



	/* drop too small frames */

	if (len < IEEE80211_MIN_ACTION_SIZE)

		return RX_DROP_UNUSABLE;



	if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC &&

	    mgmt->u.action.category != WLAN_CATEGORY_SELF_PROTECTED &&

	    mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)