summaryrefslogtreecommitdiff
path: root/net/ieee80211
AgeCommit message (Collapse)Author
2007-11-02[IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)John W. Linville
Reported by Chris Evans <scarybeasts@gmail.com>: > The summary is that an evil 80211 frame can crash out a victim's > machine. It only applies to drivers using the 80211 wireless code, and > only then to certain drivers (and even then depends on a card's > firmware not dropping a dubious packet). I must confess I'm not > keeping track of Linux wireless support, and the different protocol > stacks etc. > > Details are as follows: > > ieee80211_rx() does not explicitly check that "skb->len >= hdrlen". > There are other skb->len checks, but not enough to prevent a subtle > off-by-two error if the frame has the IEEE80211_STYPE_QOS_DATA flag > set. > > This leads to integer underflow and crash here: > > if (frag != 0) > flen -= hdrlen; > > (flen is subsequently used as a memcpy length parameter). How about this? Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Adrian Bunk <bunk@kernel.org>
2006-08-08ieee80211: TKIP requires CRC32Chuck Ebbert
ieee80211_crypt_tkip will not work without CRC32. LD .tmp_vmlinux1 net/built-in.o: In function `ieee80211_tkip_encrypt': net/ieee80211/ieee80211_crypt_tkip.c:349: undefined reference to `crc32_le' Reported by Toralf Foerster <toralf.foerster@gmx.de> Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by: Adrian Bunk <bunk@stusta.de>
2006-03-15[PATCH] ieee80211: Fix QoS is not active problemHong Liu
Fix QoS is not active even the network and the card is QOS enabled. The problem is we pass the wrong ieee80211_network address to ipw_handle_beacon/ipw_handle_probe_response, thus the ieee80211_network->qos_data.active will not be set, causing the driver not sending QoS frames at all. Signed-off-by: Hong Liu <hong.liu@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-15[PATCH] ieee80211: Fix CCMP decryption problem when QoS is enabledZhu Yi
Use the correct STYPE for Qos data. Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-02-27[PATCH] ieee80211_rx.c: is_beaconPete Zaitcev
Fix broken is_beacon(). Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-01-30[PATCH] Typo corrections for ieee80211Larry Finger
This patch, generated against 2.6.16-rc1-git4, corrects two typographical errors in ieee80211_rx.c and adds the facility name to a bare printk. Signed-Off-By: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-01-27[PATCH] ieee80211: Fix iwlist scan can only show about 20 APsZhu Yi
Limit the amount of output given to iwlist scan. Signed-off-by: Hong Liu <hong.liu@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-01-27[PATCH] ieee80211: Fix problem with not decrypting broadcast packetsZhu Yi
The code for pulling the key to use for decrypt was correctly using the host_mc_decrypt flag. The code that actually decrypted, however, was based on host_decrypt. This patch changes this behavior. Signed-off-by: Etay Bogner <etay.bogner@gmail.com> Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-01-14[PATCH] Unlinline a bunch of other functionsArjan van de Ven
Remove the "inline" keyword from a bunch of big functions in the kernel with the goal of shrinking it by 30kb to 40kb Signed-off-by: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Jeff Garzik <jgarzik@pobox.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-10[NET]: Change memcmp(,,ETH_ALEN) to compare_ether_addr()Kris Katterjohn
This changes some memcmp(one,two,ETH_ALEN) to compare_ether_addr(one,two). Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-09[PATCH] ieee80211: enable hw wep where host has to build IVJohannes Berg
This patch fixes some of the ieee80211 crypto related code so that instead of having the host fully do crypto operations, the host_build_iv flag works properly (for WEP in this patch) which, if turned on, requires the hardware to do all crypto operations, but the ieee80211 layer builds the IV. The hardware also has to build the ICV. Previously, the host_build_iv flag couldn't be used at all for WEP, and not alone (with both host_decrypt and host_encrypt disabled) because the crypto algorithm wasn't assigned. This is also fixed. I have tested this patch both in host crypto mode and in hw crypto mode (with the Broadcom chipset). [resent, signing digitally caused it to be MIME-junked, sorry] Signed-Off-By: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2006-01-03[IEEE80211] ipw2200: Simplify multicast checks.Stephen Hemminger
From: Stephen Hemminger <shemminger@osdl.org> is_multicast_ether_addr() accepts broadcast too, so the is_broadcast_ether_addr() calls are redundant. Signed-off-by: David S. Miller <davem@davemloft.net>
2005-12-12[PATCH] ieee80211_crypt_tkip depends on NET_RADIOOlaf Hering
*** Warning: ".wireless_send_event" [net/ieee80211/ieee80211_crypt_tkip.ko] undefined! Signed-off-by: Olaf Hering <olh@suse.de> net/ieee80211/Kconfig | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-11-09ieee80211: cleanup crypto list handling, other minor cleanups.Christoph Hellwig
2005-11-09Merge rsync://bughost.org/repos/ieee80211-delta/Jeff Garzik
2005-11-07Merge git://git.tuxdriver.com/git/netdev-jwlJeff Garzik
2005-11-07[PATCH] fix NET_RADIO=n, IEEE80211=y compileAdrian Bunk
This patch fixes the following compile error with CONFIG_NET_RADIO=n and CONFIG_IEEE80211=y: LD .tmp_vmlinux1 net/built-in.o: In function `ieee80211_rx': : undefined reference to `wireless_spy_update' make: *** [.tmp_vmlinux1] Error 1 Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2005-11-07Fix problem with WEP unicast key > index 0Volker Braun
The functions ieee80211_wx_{get,set}_encodeext fail if one tries to set unicast (IW_ENCODE_EXT_GROUP_KEY not set) keys at key indices>0. But at least some Cisco APs dish out dynamic WEP unicast keys at index !=0. Signed-off-by: Volker Braun <volker.braun@physik.hu-berlin.de> Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-11-07scripts/Lindent on ieee80211 subsystem.James Ketrenos
Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-11-05Remove linux/version.h include from drivers/net/phy/* and net/ieee80211/*.Jeff Garzik
Unused, and causes the files to be needlessly rebuilt in some cases.
2005-10-26[PATCH] ieee80211 build fixJames Ketrenos
James Ketrenos wrote: > [3/4] Use the tx_headroom and reserve requested space. This patch introduced a compile problem; patch below corrects this. Fixed compilation error due to not passing tx_headroom in ieee80211_tx_frame. Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-10-21ieee80211 subsystem:Michael Buesch
* Use GFP mask on TX skb allocation. * Use the tx_headroom and reserve requested space. Signed-off-by: Michael Buesch <mbuesch@freenet.de> Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-10-20Fixed oops if an uninitialized key is used for encryption.Hong Liu
Without this patch, if you try and use a key that has not been configured, for example: % iwconfig eth1 key deadbeef00 [2] without having configured key [1], then the active key will still be [1], but privacy will now be enabled. Transmission of a packet in this situation will result in a kernel oops. Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-10-19Fixed problem with not being able to decrypt/encrypt broadcast packets.Hong Liu
Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-10-18[PATCH] ieee80211: division by zero fixJiri Benc
This fixes division by zero bug in ieee80211_wx_get_scan(). Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-10-13Merge branch 'master'Jeff Garzik
2005-10-08[PATCH] gfp flags annotations - part 1Al Viro
- added typedef unsigned int __nocast gfp_t; - replaced __nocast uses for gfp flags with gfp_t - it gives exactly the same warnings as far as sparse is concerned, doesn't change generated code (from gcc point of view we replaced unsigned int with typedef) and documents what's going on far better. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-10-04Merge rsync://bughost.org/repos/ieee80211-delta/Jeff Garzik
2005-10-04Merge branch 'upstream-fixes'Jeff Garzik
2005-10-04[PATCH] ieee80211: fix gfp flags typeRandy Dunlap
Fix implicit nocast warnings in ieee80211 code, including __nocast: net/ieee80211/ieee80211_tx.c:215:9: warning: implicit cast to nocast type Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-10-03Merge branch 'upstream-fixes'Jeff Garzik
2005-10-03[PATCH] ieee80211: fix gfp flags typeRandy Dunlap
Fix implicit nocast warnings in ieee80211 code: net/ieee80211/ieee80211_tx.c:215:9: warning: implicit cast to nocast type Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-10-03Lindent and trailing whitespace script executed ieee80211 subsystemJames Ketrenos
Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-10-03When an assoc_resp is received the network structure is not completelyIvo van Doorn
initialized which can cause problems for drivers that expect the network structure to be completely filled in. This patch will make sure the network is filled in as much as possible. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-10-03Currently the info_element is parsed by 2 seperate functions, thisIvo van Doorn
results in a lot of duplicate code. This will move the parsing stage into a seperate function. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-10-03Fix implicit nocast warnings in ieee80211 code:Randy Dunlap
net/ieee80211/ieee80211_tx.c:215:9: warning: implicit cast to nocast type Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-10-03This will move the ieee80211_is_ofdm_rate function to the ieee80211.hIvo van Doorn
header, and I also added the ieee80211_is_cck_rate counterpart. Various drivers currently create there own version of these functions, but I guess the ieee80211 stack is the best place to provide such routines. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: James Ketrenos <jketreno@linux.intel.com>
2005-09-29[PATCH] proc_mkdir() should be used to create procfs directoriesAl Viro
A bunch of create_proc_dir_entry() calls creating directories had crept in since the last sweep; converted to proc_mkdir(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-22[PATCH] ieee80211: in-tree driver updates to sync with latest ieee80211 seriesJames Ketrenos
Changed crypto method from requiring a struct ieee80211_device reference to the init handler. Instead we now have a get/set flags method for each crypto component. Setting of TKIP countermeasures can now be done via set_flags(IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-22[PATCH] ieee80211: Added handle_deauth() callback, enhanced tkip/ccmp ↵James Ketrenos
support of varying hw/sw offload tree de81b55e78e85997642c651ea677078d0554a14f parent c8030da8c159f8b82712172a6748a42523aea83a author James Ketrenos <jketreno@linux.intel.com> 1127104380 -0500 committer James Ketrenos <jketreno@linux.intel.com> 1127315225 -0500 Added handle_deauth() callback. Enhanced crypt_{tkip,ccmp} to support varying splits of HW/SW offload. Changed channel freq to u32 from u16. Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-22[PATCH] ieee80211: Added subsystem version string and reporting via ↵James Ketrenos
MODULE_VERSION tree c1b50ac5d2d1f9b727c39c6bd86a7872f25a1127 parent 1bb997a3ac7dd1941e02426d2f70bd28993a82b7 author James Ketrenos <jketreno@linux.intel.com> 1126720779 -0500 committer James Ketrenos <jketreno@linux.intel.com> 1127314674 -0500 Added subsystem version string and reporting via MODULE_VERSION and pritnk during load. NOTE: This is the version support split out from patch 24/29 of the prior series. Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee82011: Remove WIRELESS_EXT ifdefsJames Ketrenos
Remove old WIRELESS_EXT version compatibility In-tree doesn't need to maintain backward compatibility. Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee80211: Updated copyright datesJames Ketrenos
tree 0d3e41e574fcb41b9da7f0b7e1d27ec350726654 parent dbe2885fe2f454d538eaaabefc741ded1026f476 author James Ketrenos <jketreno@linux.intel.com> 1126720499 -0500 committer James Ketrenos <jketreno@linux.intel.com> 1127314531 -0500 Updated copyright dates. NOTE: This is a split out of just the copyright updates from patch 24/29 in the prior series. Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee80211: Keep auth mode unchanged after iwconfig key off/on cycleJames Ketrenos
tree 2e6f6e7dc4f4eeb8e3dc265020016dd53e40578a parent ba2075794a089430b3dd7c90ff46ce1b67e9c7cc author Zhu Yi <yi.zhu@intel.com> 1125551043 +0800 committer James Ketrenos <jketreno@linux.intel.com> 1127314475 -0500 [Bug 768] Keep auth mode unchanged after iwconfig key off/on cycle. Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee80211: Mixed PTK/GTK CCMP/TKIP supportJames Ketrenos
tree 5c7559a1216ae1121487f6aed94a6017490729b3 parent c1ff4c22e5622c8987bf96c09158c4924cde98c2 author Hong Liu <hong.liu@intel.com> 1125482767 +0800 committer James Ketrenos <jketreno@linux.intel.com> 1127314427 -0500 Mixed PTK/GTK CCMP/TKIP support. Signed-off-by: Hong Liu <hong.liu@intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee80211: Type-o, capbility definition for QoS, and ERP parsingJames Ketrenos
tree 3ac0dd07b9972dfd68fee47ec2152d3d378de000 parent 9ada1d971d9829c34a14d98840080b7e69fdff6b author Mohamed Abbad <mohamed.abbas@intel.com> 1126054379 -0500 committer James Ketrenos <jketreno@linux.intel.com> 1127314340 -0500 Type-o, capbility definition for QoS, and ERP parsing Added WLAN_CAPABILITY_QOS Fixed type-o WLAN_CAPABILITY_OSSS_OFDM -> WLAN_CAPABILITY_DSSS_OFDM Added ERP IE parsing to ieee80211_rx Added handle_probe_request callback. Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee80211: Added ieee80211_geo to provide helper functionsJames Ketrenos
tree 385b391fc0d7c124cd0547fdb6183e9a0c333391 parent 97d7a47f76e72bedde7f402785559ed4c7a8e8e8 author James Ketrenos <jketreno@linux.intel.com> 1124447590 -0500 committer James Ketrenos <jketreno@linux.intel.com> 1127313735 -0500 Added ieee80211_geo to provide helper functions to drivers for implementing supported channel maps. Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee80211: Add QoS (WME) support to the ieee80211 subsystemJames Ketrenos
tree a3ad796273e98036eb0e9fc063225070fa24508a parent 1b9c0aeb377abf8e4a43a86cff42382f74ca0259 author Mohamed Abbas <mabbas@linux.intel.com> 1124447069 -0500 committer James Ketrenos <jketreno@linux.intel.com> 1127313435 -0500 Add QoS (WME) support to the ieee80211 subsystem. NOTE: This requires drivers that use the ieee80211 hard_start_xmit (ipw2100 and ipw2200) to add the priority parameter to their callback. Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee80211: Return NETDEV_TX_BUSY when QoS buffer fullJames Ketrenos
tree ba6509c7cd1dd4244a2f285f2da5d632e7ffbb25 parent 7b5f9f2ddcabdaea214527a895e6e8445cafdd80 author James Ketrenos <jketreno@linux.intel.com> 1124447000 -0500 committer James Ketrenos <jketreno@linux.intel.com> 1127313383 -0500 Per the conversations with folks at OLS, the QoS layer in 802.11 drivers can now result in NETDEV_TX_BUSY being returned when the queue a packet is targetted for is full. To implement this, ieee80211_xmit will now call the driver's is_queue_full to determine if the current priority queue is full. If so, NETDEV_TX_BUSY is returned to the kernel and no processing is done on the frame. Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-09-21[PATCH] ieee80211: Fix TKIP, repeated fragmentation problem, and ↵James Ketrenos
payload_size reporting tree 8428e9f510e6ad6c77baec89cb57374842abf733 parent d78bfd3ddae9c422dd350159110f9c4d7cfc50de author Liu Hong <hong.liu@intel.com> 1124446520 -0500 committer James Ketrenos <jketreno@linux.intel.com> 1127313183 -0500 Fix TKIP, repeated fragmentation problem, and payload_size reporting 1. TKIP encryption Originally, TKIP encryption issues msdu + mpdu encryption on every fragment. Change the behavior to msdu encryption on the whole packet, then mpdu encryption on every fragment. 2. Avoid repeated fragmentation when !host_encrypt. We only need do fragmentation when using host encryption. Otherwise we only need pass the whole packet to driver, letting driver do the fragmentation. 3. change the txb->payload_size to correct value FW will use this value to determine whether to do fragmentation. If we pass the wrong value, fw may cut on the wrong bound which will make decryption fail when we do host encryption. NOTE: This requires changing drivers (hostap) that have extra_prefix_len used within them (structure member name change). Signed-off-by: Hong Liu <liu.hong@intel.com> Signed-off-by: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>