From patchwork Thu Aug 22 13:53:33 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Seth Forshee <seth.forshee@canonical.com>
X-Patchwork-Id: 2848258
Return-Path: <linux-wireless-owner@kernel.org>
X-Original-To: patchwork-linux-wireless@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 5A8779F271
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu, 22 Aug 2013 13:53:44 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 4835F205D0
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu, 22 Aug 2013 13:53:43 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 5F9C4205CC
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu, 22 Aug 2013 13:53:38 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752507Ab3HVNxg (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Thu, 22 Aug 2013 09:53:36 -0400
Received: from mail-oa0-f46.google.com ([209.85.219.46]:41537 "EHLO
	mail-oa0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752251Ab3HVNxg (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Thu, 22 Aug 2013 09:53:36 -0400
Received: by mail-oa0-f46.google.com with SMTP id j10so3401032oah.5
	for <linux-wireless@vger.kernel.org>;
	Thu, 22 Aug 2013 06:53:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=zoXbl7agHsBtS2aiDnXYy63DRvrH5zCtWAGPsHz0W2Y=;
	b=WyJEGUJLfEeLkxGW0OXr392D/Wi0xOjcB+ZhdmHOukZctlRbfn2PBR4divrFfC5cgn
	PYOxe/1NZnYnwkKadMcJNhSLAbmP9tDj+sv5QR7kRunJfM4lEOP/j9uVAAbPHpHTXyL5
	A78CzYjNvHsVeIcm8qis2rnyEjfipq1RpexgGZLqDOcIu0wCCcFCbPzHRciIjascJgEO
	XB3waRgGRVqPQb+8FTCuXOdcK6SNWgcSw81GvWzgNQXg26laPUilcGJJHpXBy3SzDsWg
	cGGvAXlYQFy6uYBh7HweFlIbGQ6R0b7jT+KVhGh6QD8b4M3MpRFCI3ZNpBnXfVQUSPuE
	d6gg==
X-Gm-Message-State: 
 ALoCoQkS3lj3ptfpRESCO1fTgDadJF5S9kzK0O9KCAo8i7iBjz39bRBj52t71fRi+ArxcERrcMyf
X-Received: by 10.60.15.106 with SMTP id w10mr2575745oec.82.1377179615537;
	Thu, 22 Aug 2013 06:53:35 -0700 (PDT)
Received: from localhost (64-126-112-59.dyn.everestkc.net. [64.126.112.59])
	by mx.google.com with ESMTPSA id
	d3sm18888133oek.5.1969.12.31.16.00.00
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Thu, 22 Aug 2013 06:53:35 -0700 (PDT)
From: Seth Forshee <seth.forshee@canonical.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org,
	"John W. Linville" <linville@tuxdriver.com>
Subject: [PATCH] mac80211: ignore obviously bogus ECSAs in probe response
	frames
Date: Thu, 22 Aug 2013 08:53:33 -0500
Message-Id: <1377179613-26591-1-git-send-email-seth.forshee@canonical.com>
X-Mailer: git-send-email 1.8.1.2
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Spam-Status: No, score=-9.7 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The Netgear WNDAP360 sends invalid ECSA IEs in probe response
frames which have the operating class and channel number fields
set to 0, even when no channel switch is pending. mac80211
responds to invalid ECSAs by disconnecting. The result is that
every scan when associated to one of these APs triggers a
disconnect.

Since these ECSAs are obviously bogus, ignore them in probe
response and beacon frames. Do not disconnect.

Cc: <stable@vger.kernel.org> # 3.10+
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 net/mac80211/mlme.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index cc9e02d..f921b67 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1054,6 +1054,13 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
 		if (!ieee80211_operating_class_to_band(
 				elems->ext_chansw_ie->new_operating_class,
 				&new_band)) {
+			/*
+			 * Some APs send invalid ECSA IEs in probe response
+			 * frames, so check for these and ignore them.
+			 */
+			if (beacon && elems->ext_chansw_ie->new_ch_num == 0 &&
+			    elems->ext_chansw_ie->new_operating_class == 0)
+				return;
 			sdata_info(sdata,
 				   "cannot understand ECSA IE operating class %d, disconnecting\n",
 				   elems->ext_chansw_ie->new_operating_class);