|
|
@@ -62,13 +62,16 @@ static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
|
|
|
static inline int should_drop_frame(struct sk_buff *skb, int present_fcs_len)
|
|
|
{
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
|
|
- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
|
|
+ struct ieee80211_hdr *hdr;
|
|
|
+
|
|
|
+ hdr = (void *)(skb->data + status->vendor_radiotap_len);
|
|
|
|
|
|
if (status->flag & (RX_FLAG_FAILED_FCS_CRC |
|
|
|
RX_FLAG_FAILED_PLCP_CRC |
|
|
|
RX_FLAG_AMPDU_IS_ZEROLEN))
|
|
|
return 1;
|
|
|
- if (unlikely(skb->len < 16 + present_fcs_len))
|
|
|
+ if (unlikely(skb->len < 16 + present_fcs_len +
|
|
|
+ status->vendor_radiotap_len))
|
|
|
return 1;
|
|
|
if (ieee80211_is_ctl(hdr->frame_control) &&
|
|
|
!ieee80211_is_pspoll(hdr->frame_control) &&
|
|
|
@@ -341,8 +344,8 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
|
|
|
if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
|
|
|
present_fcs_len = FCS_LEN;
|
|
|
|
|
|
- /* make sure hdr->frame_control is on the linear part */
|
|
|
- if (!pskb_may_pull(origskb, 2)) {
|
|
|
+ /* ensure hdr->frame_control and vendor radiotap data are in skb head */
|
|
|
+ if (!pskb_may_pull(origskb, 2 + status->vendor_radiotap_len)) {
|
|
|
dev_kfree_skb(origskb);
|
|
|
return NULL;
|
|
|
}
|
Johannes Berg