summaryrefslogtreecommitdiffstats
path: root/net/irda/irlap_event.c
diff options
context:
space:
mode:
authorRobie Basak <rb-oss-1@justgohome.co.uk>2008-01-18 23:58:44 -0800
committerDavid S. Miller <davem@davemloft.net>2008-01-28 15:08:09 -0800
commit5d780cd6585d242d9592a479fe75a007fd75155d (patch)
treed0cb1ed0a2391e9a5efb746c37ff69fd6848f481 /net/irda/irlap_event.c
parent6d97b53e92af822890b87818c99820df47fc589b (diff)
downloadlinux-5d780cd6585d242d9592a479fe75a007fd75155d.tar.gz
linux-5d780cd6585d242d9592a479fe75a007fd75155d.tar.bz2
linux-5d780cd6585d242d9592a479fe75a007fd75155d.zip
[IrDA]: Frame length validation.
When using a stir4200-based USB adaptor to talk to a device that uses an mcp2150, the stir4200 sometimes drops an incoming frame causing the mcp2150 to try and retransmit the lost frame. In this combination, the next frame received from the mcp2150 is often invalid - either an empty i:rsp or an IrCOMM i:rsp with an invalid clen. These corner cases are now checked. Signed-off-by: Robie Basak <rb-oss-1@justgohome.co.uk> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/irda/irlap_event.c')
-rw-r--r--net/irda/irlap_event.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/net/irda/irlap_event.c b/net/irda/irlap_event.c
index 6d3aff862dc2..6af86eba7463 100644
--- a/net/irda/irlap_event.c
+++ b/net/irda/irlap_event.c
@@ -1199,6 +1199,19 @@ static int irlap_state_nrm_p(struct irlap_cb *self, IRLAP_EVENT event,
switch (event) {
case RECV_I_RSP: /* Optimize for the common case */
+ if (unlikely(skb->len <= LAP_ADDR_HEADER + LAP_CTRL_HEADER)) {
+ /*
+ * Input validation check: a stir4200/mcp2150
+ * combination sometimes results in an empty i:rsp.
+ * This makes no sense; we can just ignore the frame
+ * and send an rr:cmd immediately. This happens before
+ * changing nr or ns so triggers a retransmit
+ */
+ irlap_wait_min_turn_around(self, &self->qos_tx);
+ irlap_send_rr_frame(self, CMD_FRAME);
+ /* Keep state */
+ break;
+ }
/* FIXME: must check for remote_busy below */
#ifdef CONFIG_IRDA_FAST_RR
/*