mirror of
https://github.com/lwfinger/rtl8188eu.git
synced 2024-09-19 15:47:06 +00:00
24b960c5c0
Routine rtw_get_sec_ie() appears to suffer from a bug triggered under unusual circumstances. This bug is exposed by first sending a deauthentication frame and at the same time sending a much larger frame. After doing some debugging the cause of the lockup of the CPU was that while rtw_get_sec_ie() attempts to read the beacon frame sent by the router/AP, the size of the beacon is changed since it is a reference and not a copy. By having a "rogue" beacon frame being very large which isn't normal and not considered in the design, the computer was stuck in an endless CPU lockup. Routine translate_scan(), which calls rtw_get_sec_ie() is protected by a spinlock. Add that spinlock around other calls of the routine. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> |
||
|---|---|---|
| .. | ||
| rtw_ap.c | ||
| rtw_br_ext.c | ||
| rtw_cmd.c | ||
| rtw_debug.c | ||
| rtw_efuse.c | ||
| rtw_ieee80211.c | ||
| rtw_io.c | ||
| rtw_ioctl_set.c | ||
| rtw_iol.c | ||
| rtw_led.c | ||
| rtw_mlme.c | ||
| rtw_mlme_ext.c | ||
| rtw_mp.c | ||
| rtw_mp_ioctl.c | ||
| rtw_p2p.c | ||
| rtw_pwrctrl.c | ||
| rtw_recv.c | ||
| rtw_rf.c | ||
| rtw_security.c | ||
| rtw_sreset.c | ||
| rtw_sta_mgt.c | ||
| rtw_wlan_util.c | ||
| rtw_xmit.c | ||