From: Ivan Safonov Date: Tue, 2 May 2017 06:01:42 +0000 (+0300) Subject: staging:r8188eu: trim IV/ICV fields in validate_recv_data_frame() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=79650ffde38ec4dd8f5c39ff0a305fb0bc1bb142;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git staging:r8188eu: trim IV/ICV fields in validate_recv_data_frame() Length of IV/ICV fields calculated here, so trim these field here too. Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/rtl8188eu/core/rtw_recv.c b/drivers/staging/rtl8188eu/core/rtw_recv.c index e8f0ff93f05a..2c37bb548c0f 100644 --- a/drivers/staging/rtl8188eu/core/rtw_recv.c +++ b/drivers/staging/rtl8188eu/core/rtw_recv.c @@ -1138,6 +1138,8 @@ static int validate_recv_data_frame(struct adapter *adapter, } if (pattrib->privacy) { + struct sk_buff *skb = precv_frame->pkt; + RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("validate_recv_data_frame:pattrib->privacy=%x\n", pattrib->privacy)); RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n ^^^^^^^^^^^IS_MCAST(pattrib->ra(0x%02x))=%d^^^^^^^^^^^^^^^6\n", pattrib->ra[0], IS_MCAST(pattrib->ra))); @@ -1146,6 +1148,13 @@ static int validate_recv_data_frame(struct adapter *adapter, RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n pattrib->encrypt=%d\n", pattrib->encrypt)); SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt); + + if (pattrib->bdecrypted == 1 && pattrib->encrypt > 0) { + memmove(skb->data + pattrib->iv_len, + skb->data, pattrib->hdrlen); + skb_pull(skb, pattrib->iv_len); + skb_trim(skb, skb->len - pattrib->icv_len); + } } else { pattrib->encrypt = 0; pattrib->iv_len = 0; @@ -1265,14 +1274,8 @@ static int validate_recv_frame(struct adapter *adapter, * Hence forward the frame to the monitor anyway to preserve the order * in which frames were received. */ - rtl88eu_mon_recv_hook(adapter->pmondev, precv_frame); - if (precv_frame->attrib.bdecrypted == 1 && precv_frame->attrib.encrypt > 0 && - (adapter->securitypriv.busetkipkey == 1 || precv_frame->attrib.encrypt != _TKIP_)) { - memmove(precv_frame->pkt->data + precv_frame->attrib.iv_len, precv_frame->pkt->data, precv_frame->attrib.hdrlen); - skb_pull(precv_frame->pkt, precv_frame->attrib.iv_len); - skb_trim(precv_frame->pkt, precv_frame->pkt->len - precv_frame->attrib.icv_len); - } + rtl88eu_mon_recv_hook(adapter->pmondev, precv_frame); exit: diff --git a/drivers/staging/rtl8188eu/os_dep/mon.c b/drivers/staging/rtl8188eu/os_dep/mon.c index 53f853f08428..ed396619d97a 100644 --- a/drivers/staging/rtl8188eu/os_dep/mon.c +++ b/drivers/staging/rtl8188eu/os_dep/mon.c @@ -67,7 +67,7 @@ static void mon_recv_decrypted(struct net_device *dev, const u8 *data, } static void mon_recv_decrypted_recv(struct net_device *dev, const u8 *data, - int data_len, int iv_len, int icv_len) + int data_len) { struct sk_buff *skb; struct ieee80211_hdr *hdr; @@ -86,15 +86,8 @@ static void mon_recv_decrypted_recv(struct net_device *dev, const u8 *data, hdr = (struct ieee80211_hdr *)skb->data; hdr_len = ieee80211_hdrlen(hdr->frame_control); - if (skb->len < hdr_len + iv_len + icv_len) { - if (ieee80211_has_protected(hdr->frame_control)) { - hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_PROTECTED); - - memmove(skb->data + iv_len, skb->data, hdr_len); - skb_pull(skb, iv_len); - skb_trim(skb, skb->len - icv_len); - } - } + if (ieee80211_has_protected(hdr->frame_control)) + hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_PROTECTED); skb->ip_summed = CHECKSUM_UNNECESSARY; skb->protocol = eth_type_trans(skb, dev); @@ -117,7 +110,6 @@ static void mon_recv_encrypted(struct net_device *dev, const u8 *data, void rtl88eu_mon_recv_hook(struct net_device *dev, struct recv_frame *frame) { struct rx_pkt_attrib *attr; - int iv_len, icv_len; int data_len; u8 *data; @@ -130,11 +122,8 @@ void rtl88eu_mon_recv_hook(struct net_device *dev, struct recv_frame *frame) data = frame->pkt->data; data_len = frame->pkt->len; - /* Broadcast and multicast frames don't have attr->{iv,icv}_len set */ - SET_ICE_IV_LEN(iv_len, icv_len, attr->encrypt); - if (attr->bdecrypted) - mon_recv_decrypted_recv(dev, data, data_len, iv_len, icv_len); + mon_recv_decrypted_recv(dev, data, data_len); else mon_recv_encrypted(dev, data, data_len); }