This patch adds a generic valid frame length check function helper. This is useful to check the length field after receiving. For example the at86rf231 doesn't filter invalid frame length. Sometimes the CRC can be also correct. If we get the lqi value with a invalid frame length the kernel can be crash, because we dereference an invalid pointer.
Signed-off-by: Alexander Aring <alex.aring@xxxxxxxxx>
---
 include/net/ieee802154.h | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/net/ieee802154.h b/include/net/ieee802154.h
index 0aa7122..185260b 100644
--- a/include/net/ieee802154.h
+++ b/include/net/ieee802154.h
@@ -28,6 +28,7 @@
 #define NET_IEEE802154_H
 #define IEEE802154_MTU 127
+#define IEEE802154_MIN_FRAME_SIZE 5
 #define IEEE802154_FC_TYPE_BEACON 0x0 /* Frame is beacon */
 #define IEEE802154_FC_TYPE_DATA 0x1 /* Frame is data */
@@ -189,7 +190,12 @@ enum {
 IEEE802154_SCAN_IN_PROGRESS = 0xfc,
 };
+static inline bool ieee802154_is_valid_frame_len(const u8 len)
+{
+ if (unlikely(len > IEEE802154_MTU || len < IEEE802154_MIN_FRAME_SIZE))
+ return false;
-#endif
-
+ return true;
+}
+#endif
--
2.0.3
--
To unsubscribe from this list: send the line "unsubscribe linux-wpan" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
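Review bot: `IEEE802154_MIN_FRAME_SIZE` in the first hunk is a bare `5` with no explanation, while the frame-type defines right below it each carry a trailing comment. The value presumably stands for frame control (2) + sequence number (1) + FCS (2), the size of an ACK frame, but nothing in the hunk says so and a reader cannot tell whether the FCS is counted. I would add a comment such as `/* FC (2) + seq (1) + FCS (2): shortest frame, e.g. an ACK */` once that breakdown is confirmed, so drivers that strip the FCS before checking do not compare against the wrong bound.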
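Review bot: `ieee802154_is_valid_frame_len()` in the second hunk has no comment stating which length it expects or when it must be called. Going by the commit message, a driver must run it on the length byte read from the transceiver before that value is used as an offset or copy size (for example to locate the LQI byte). No caller is added in this patch, so that contract should be written down. I would put a short kernel-doc block above it: `len` is the received frame length as reported by the PHY, the function returns false outside `IEEE802154_MIN_FRAME_SIZE..IEEE802154_MTU`, and callers must drop the frame on false and still bound the copy by their own buffer size. The helper also relies on `bool`, `u8` and `unlikely()` being declared already; the header's include list is outside the hunk, so confirm `<linux/types.h>` and `<linux/compiler.h>` are pulled in.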