On Thu, Jul 6, 2017 at 10:11 AM, Arend van Spriel
<arend.vanspriel@xxxxxxxxxxxx> wrote:
>
> Looks fine to me so ...
I really think that if we can't trust 'len', then we have to check
against the lower bound of DOT11_MGMT_HDR_LEN too, because otherwise
we'll just have a big 16-bit number instead.
And we should do that brcmf_err() that I had in my version, which also
let's people know they are being attacked.
Linus
