diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2009-08-24 11:46:30 +0200 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2009-08-28 14:40:41 -0400 |
commit | 77a980dc6c4674fc7741d72b9775135669318d8d (patch) | |
tree | be8a359a42002eda0553c0fe046a4a7f0e62e3a8 /net/mac80211/rx.c | |
parent | 0448b5fc032ea76096eb3cfbe3196b3c01b08b86 (diff) | |
download | kernel-crypto-77a980dc6c4674fc7741d72b9775135669318d8d.tar.gz kernel-crypto-77a980dc6c4674fc7741d72b9775135669318d8d.tar.xz kernel-crypto-77a980dc6c4674fc7741d72b9775135669318d8d.zip |
mac80211: fix RX skb leaks
In mac80211's RX path some of the warnings that
warn about drivers passing invalid status values
leak the skb, fix that by refactoring the code.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r-- | net/mac80211/rx.c | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index b98f1afbfeb..c01588f9d45 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2447,17 +2447,13 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb) struct ieee80211_supported_band *sband; struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); - if (status->band < 0 || - status->band >= IEEE80211_NUM_BANDS) { - WARN_ON(1); - return; - } + if (WARN_ON(status->band < 0 || + status->band >= IEEE80211_NUM_BANDS)) + goto drop; sband = local->hw.wiphy->bands[status->band]; - if (!sband) { - WARN_ON(1); - return; - } + if (WARN_ON(!sband)) + goto drop; /* * If we're suspending, it is possible although not too likely @@ -2466,25 +2462,21 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb) * that might, for example, cause stations to be added or other * driver callbacks be invoked. */ - if (unlikely(local->quiescing || local->suspended)) { - kfree_skb(skb); - return; - } + if (unlikely(local->quiescing || local->suspended)) + goto drop; /* * The same happens when we're not even started, * but that's worth a warning. */ - if (WARN_ON(!local->started)) { - kfree_skb(skb); - return; - } + if (WARN_ON(!local->started)) + goto drop; if (status->flag & RX_FLAG_HT) { /* rate_idx is MCS index */ if (WARN_ON(status->rate_idx < 0 || status->rate_idx >= 76)) - return; + goto drop; /* HT rates are not in the table - use the highest legacy rate * for now since other parts of mac80211 may not yet be fully * MCS aware. */ @@ -2492,7 +2484,7 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb) } else { if (WARN_ON(status->rate_idx < 0 || status->rate_idx >= sband->n_bitrates)) - return; + goto drop; rate = &sband->bitrates[status->rate_idx]; } @@ -2531,6 +2523,10 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb) __ieee80211_rx_handle_packet(hw, skb, rate); rcu_read_unlock(); + + return; + drop: + kfree_skb(skb); } EXPORT_SYMBOL(ieee80211_rx); |