[PATCH] ieee80211: Workaround malformed 802.11 frames from AP
authorZhu Yi <yi.zhu@intel.com>
Mon, 21 Aug 2006 03:34:19 +0000 (11:34 +0800)
committerJohn W. Linville <linville@tuxdriver.com>
Tue, 29 Aug 2006 21:06:31 +0000 (17:06 -0400)
Stop processing further but return success when we receive a malformed
packet from the AP. We need this patch to workaround some AP bugs. For
example, the beacon frames from the Orinoco AP1000 contains an IE (value
= 128) with length equals to 8 but the actual frame length is only 7.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/ieee80211/ieee80211_rx.c

index d60358d702d714946d17d9881c4d068d76608c2c..770704183a1bd0f21f27d9bc8683618bab67230f 100644 (file)
@@ -1078,13 +1078,16 @@ static int ieee80211_parse_info_param(struct ieee80211_info_element
 
        while (length >= sizeof(*info_element)) {
                if (sizeof(*info_element) + info_element->len > length) {
-                       IEEE80211_DEBUG_MGMT("Info elem: parse failed: "
-                                            "info_element->len + 2 > left : "
-                                            "info_element->len+2=%zd left=%d, id=%d.\n",
-                                            info_element->len +
-                                            sizeof(*info_element),
-                                            length, info_element->id);
-                       return 1;
+                       IEEE80211_ERROR("Info elem: parse failed: "
+                                       "info_element->len + 2 > left : "
+                                       "info_element->len+2=%zd left=%d, id=%d.\n",
+                                       info_element->len +
+                                       sizeof(*info_element),
+                                       length, info_element->id);
+                       /* We stop processing but don't return an error here
+                        * because some misbehaviour APs break this rule. ie.
+                        * Orinoco AP1000. */
+                       break;
                }
 
                switch (info_element->id) {