[PATCH 4/7] staging:r8188eu: trim IV/ICV fields in validate_recv_data_frame()

From: Ivan Safonov
Date: Tue May 02 2017 - 02:05:29 EST

Next message: Ivan Safonov: "[PATCH 3/7] staging:r8188eu: inline unprotect_frame() in mon_recv_decrypted_recv()"
Previous message: Ivan Safonov: "[PATCH 6/7] staging:r8188eu: remove ieee80211_is_empty_essid()"
In reply to: Ivan Safonov: "[PATCH 6/7] staging:r8188eu: remove ieee80211_is_empty_essid()"
Next in thread: Ivan Safonov: "[PATCH 3/7] staging:r8188eu: inline unprotect_frame() in mon_recv_decrypted_recv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Length of IV/ICV fields calculated here, so trim these field here too.

Signed-off-by: Ivan Safonov <insafonov@xxxxxxxxx>
---
drivers/staging/rtl8188eu/core/rtw_recv.c | 17 ++++++++++-------
drivers/staging/rtl8188eu/os_dep/mon.c | 19 ++++---------------
2 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/drivers/staging/rtl8188eu/core/rtw_recv.c b/drivers/staging/rtl8188eu/core/rtw_recv.c
index e8f0ff9..2c37bb5 100644
--- a/drivers/staging/rtl8188eu/core/rtw_recv.c
+++ b/drivers/staging/rtl8188eu/core/rtw_recv.c
@@ -1138,6 +1138,8 @@ static int validate_recv_data_frame(struct adapter *adapter,
}

if (pattrib->privacy) {
+ struct sk_buff *skb = precv_frame->pkt;
+
RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("validate_recv_data_frame:pattrib->privacy=%x\n", pattrib->privacy));
RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n ^^^^^^^^^^^IS_MCAST(pattrib->ra(0x%02x))=%d^^^^^^^^^^^^^^^6\n", pattrib->ra[0], IS_MCAST(pattrib->ra)));

@@ -1146,6 +1148,13 @@ static int validate_recv_data_frame(struct adapter *adapter,
RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n pattrib->encrypt=%d\n", pattrib->encrypt));

SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt);
+
+ if (pattrib->bdecrypted == 1 && pattrib->encrypt > 0) {
+ memmove(skb->data + pattrib->iv_len,
+ skb->data, pattrib->hdrlen);
+ skb_pull(skb, pattrib->iv_len);
+ skb_trim(skb, skb->len - pattrib->icv_len);
+ }
} else {
pattrib->encrypt = 0;
pattrib->iv_len = 0;
@@ -1265,14 +1274,8 @@ static int validate_recv_frame(struct adapter *adapter,
* Hence forward the frame to the monitor anyway to preserve the order
* in which frames were received.
*/
- rtl88eu_mon_recv_hook(adapter->pmondev, precv_frame);

- if (precv_frame->attrib.bdecrypted == 1 && precv_frame->attrib.encrypt > 0 &&
- (adapter->securitypriv.busetkipkey == 1 || precv_frame->attrib.encrypt != _TKIP_)) {
- memmove(precv_frame->pkt->data + precv_frame->attrib.iv_len, precv_frame->pkt->data, precv_frame->attrib.hdrlen);
- skb_pull(precv_frame->pkt, precv_frame->attrib.iv_len);
- skb_trim(precv_frame->pkt, precv_frame->pkt->len - precv_frame->attrib.icv_len);
- }
+ rtl88eu_mon_recv_hook(adapter->pmondev, precv_frame);

exit:

diff --git a/drivers/staging/rtl8188eu/os_dep/mon.c b/drivers/staging/rtl8188eu/os_dep/mon.c
index 53f853f..ed39661 100644
--- a/drivers/staging/rtl8188eu/os_dep/mon.c
+++ b/drivers/staging/rtl8188eu/os_dep/mon.c
@@ -67,7 +67,7 @@ static void mon_recv_decrypted(struct net_device *dev, const u8 *data,
}

static void mon_recv_decrypted_recv(struct net_device *dev, const u8 *data,
- int data_len, int iv_len, int icv_len)
+ int data_len)
{
struct sk_buff *skb;
struct ieee80211_hdr *hdr;
@@ -86,15 +86,8 @@ static void mon_recv_decrypted_recv(struct net_device *dev, const u8 *data,
hdr = (struct ieee80211_hdr *)skb->data;
hdr_len = ieee80211_hdrlen(hdr->frame_control);

- if (skb->len < hdr_len + iv_len + icv_len) {
- if (ieee80211_has_protected(hdr->frame_control)) {
- hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_PROTECTED);
-
- memmove(skb->data + iv_len, skb->data, hdr_len);
- skb_pull(skb, iv_len);
- skb_trim(skb, skb->len - icv_len);
- }
- }
+ if (ieee80211_has_protected(hdr->frame_control))
+ hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_PROTECTED);

skb->ip_summed = CHECKSUM_UNNECESSARY;
skb->protocol = eth_type_trans(skb, dev);
@@ -117,7 +110,6 @@ static void mon_recv_encrypted(struct net_device *dev, const u8 *data,
void rtl88eu_mon_recv_hook(struct net_device *dev, struct recv_frame *frame)
{
struct rx_pkt_attrib *attr;
- int iv_len, icv_len;
int data_len;
u8 *data;

@@ -130,11 +122,8 @@ void rtl88eu_mon_recv_hook(struct net_device *dev, struct recv_frame *frame)
data = frame->pkt->data;
data_len = frame->pkt->len;

- /* Broadcast and multicast frames don't have attr->{iv,icv}_len set */
- SET_ICE_IV_LEN(iv_len, icv_len, attr->encrypt);
-
if (attr->bdecrypted)
- mon_recv_decrypted_recv(dev, data, data_len, iv_len, icv_len);
+ mon_recv_decrypted_recv(dev, data, data_len);
else
mon_recv_encrypted(dev, data, data_len);
}
--
2.10.2

Next message: Ivan Safonov: "[PATCH 3/7] staging:r8188eu: inline unprotect_frame() in mon_recv_decrypted_recv()"
Previous message: Ivan Safonov: "[PATCH 6/7] staging:r8188eu: remove ieee80211_is_empty_essid()"
In reply to: Ivan Safonov: "[PATCH 6/7] staging:r8188eu: remove ieee80211_is_empty_essid()"
Next in thread: Ivan Safonov: "[PATCH 3/7] staging:r8188eu: inline unprotect_frame() in mon_recv_decrypted_recv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]