diff options
| author | Alexander Aring <aar@pengutronix.de> | 2016-02-19 09:59:11 +0100 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2016-02-23 20:29:39 +0100 |
| commit | 07b0188adf7298bf80a9890d3e90f27e973623d3 (patch) | |
| tree | 52b9db9f285661fff1a2642f208d781a6bd5b63c /include/net/mac802154.h | |
| parent | MAINTAINERS: update 802.15.4 entries (diff) | |
| download | linux-07b0188adf7298bf80a9890d3e90f27e973623d3.tar.xz linux-07b0188adf7298bf80a9890d3e90f27e973623d3.zip | |
mac802154: fix mac header length check
I got report about that sometimes the WARN_ON occurs there which should
never happen. I came to the conclusion that the mac header is there but
inside the headroom of skb. The skb->len information doesn't contain the
information about the headroom length and skb->len is lesser than two.
We check now if the skb_mac_header pointer is set and the room between
mac header pointer and tail pointer.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'include/net/mac802154.h')
| -rw-r--r-- | include/net/mac802154.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/include/net/mac802154.h b/include/net/mac802154.h index da574bbdc333..2e3cdd2048d2 100644 --- a/include/net/mac802154.h +++ b/include/net/mac802154.h @@ -247,8 +247,9 @@ struct ieee802154_ops { */ static inline __le16 ieee802154_get_fc_from_skb(const struct sk_buff *skb) { - /* return some invalid fc on failure */ - if (unlikely(skb->len < 2)) { + /* check if we can fc at skb_mac_header of sk buffer */ + if (unlikely(!skb_mac_header_was_set(skb) || + (skb_tail_pointer(skb) - skb_mac_header(skb)) < 2)) { WARN_ON(1); return cpu_to_le16(0); } |