From: Bob Copeland <me@bobcopeland.com>
Date: Tue, 5 Nov 2013 19:16:49 +0000 (-0800)
Subject: mac80211: fix off-by-one in llid check.
X-Git-Tag: firefly_0821_release~176^2~4570^2~3^2^2~293
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=3cde38e7f3491ea62429556149713b7a875c9ac2;p=firefly-linux-kernel-4.4.55.git

mac80211: fix off-by-one in llid check.

According to IEEE 802.11-2012 (8.4.2.104), no peering
management element exists with length 7. This code is checking
to see if llid is present to ignore close frames with different
llid, which would be IEs with length 8.

Signed-off-by: Bob Copeland <bob@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---

diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 4301aa5aa227..a8c75c1c66b5 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -825,7 +825,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata,
 				event = CLS_ACPT;
 			else if (sta->plid != plid)
 				event = CLS_IGNR;
-			else if (ie_len == 7 && sta->llid != llid)
+			else if (ie_len == 8 && sta->llid != llid)
 				event = CLS_IGNR;
 			else
 				event = CLS_ACPT;