[PATCH 2/2] mac80211: Fix invalid length passed to IE parser for PLINK CONFIRM frames
Javier Cardona
javier at cozybit.com
Wed Aug 12 14:03:44 EDT 2009
From: David Woo <xinhua_wu at realsil.com.cn>
The length of the fixed portion of plink confirm frames is 4 bytes longer than
the other plink_action frames. This path corrects an error in the length
adjustment done for these type of frames.
Signed-off-by: Javier Cardona <javier at cozybit.com>
---
net/mac80211/mesh_plink.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 7c49c95..3575fe3 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -415,7 +415,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
baselen = (u8 *) mgmt->u.action.u.plink_action.variable - (u8 *) mgmt;
if (mgmt->u.action.u.plink_action.action_code == PLINK_CONFIRM) {
baseaddr += 4;
- baselen -= 4;
+ baselen += 4;
}
ieee802_11_parse_elems(baseaddr, len - baselen, &elems);
if (!elems.peer_link) {
--
1.5.4.3
More information about the Devel
mailing list