summaryrefslogtreecommitdiff
path: root/net/wireless/radiotap.c
AgeCommit message (Collapse)AuthorFilesLines
2013-12-16radiotap: fix bitmap-end-finding buffer overrunJohannes Berg1-0/+4
Evan Huus found (by fuzzing in wireshark) that the radiotap iterator code can access beyond the length of the buffer if the first bitmap claims an extension but then there's no data at all. Fix this. Cc: stable@vger.kernel.org Reported-by: Evan Huus <eapache@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-10-14wireless: radiotap: fix parsing buffer overrunJohannes Berg1-1/+6
When parsing an invalid radiotap header, the parser can overrun the buffer that is passed in because it doesn't correctly check 1) the minimum radiotap header size 2) the space for extended bitmaps The first issue doesn't affect any in-kernel user as they all check the minimum size before calling the radiotap function. The second issue could potentially affect the kernel if an skb is passed in that consists only of the radiotap header with a lot of extended bitmaps that extend past the SKB. In that case a read-only buffer overrun by at most 4 bytes is possible. Fix this by adding the appropriate checks to the parser. Cc: stable@vger.kernel.org Reported-by: Evan Huus <eapache@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-08-20wireless: add radiotap A-MPDU status fieldJohannes Berg1-0/+2
Define the A-MPDU status field in radiotap, also update the radiotap parser for it and the MCS field that was apparently missed last time. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-10-31net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modulesPaul Gortmaker1-0/+1
These files are non modular, but need to export symbols using the macros now living in export.h -- call out the include so that things won't break when we remove the implicit presence of module.h from everywhere. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2010-10-15radiotap: fix vendor namespace parsingJohannes Berg1-26/+32
There's a bug with radiotap vendor namespace parsing if you don't register for the given namespace extensions. Fix this by passing only the unknown vendor namespaces and the registered data to frontends, but not both. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-14net/wireless: use ARRAY_SIZE macro in radiotap.cNikitas Angelinas1-1/+2
Replace sizeof(rtap_namespace_sizes) / sizeof(rtap_namespace_sizes[0]) with ARRAY_SIZE(rtap_namespace_sizes) in net/wireless/radiotap.c Signed-off-by: Nikitas Angelinas <nikitasangelinas@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-02-08wireless: update radiotap parserJohannes Berg1-107/+198
Upstream radiotap has adopted the namespace proposal David Young made and I then took care of, for which I had adapted the radiotap parser as a library outside the kernel. This brings the in-kernel parser up to speed. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-05-14wireless: use get/put_unaligned_* helpersHarvey Harrison1-9/+7
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10[WIRELESS] radiotap parser: accept all other fieldsJohannes Berg1-1/+5
This makes the radiotap parser accept all other fields that are currently defined. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-07-12[PATCH] cfg80211: Radiotap parserAndy Green1-0/+257
Generic code to walk through the fields in a radiotap header, accounting for nasties like extended "field present" bitfields and alignment rules Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>