mirror of
https://github.com/lwfinger/rtl8188eu.git
synced 2024-11-24 13:33:45 +00:00
24b960c5c0
Routine rtw_get_sec_ie() appears to suffer from a bug triggered under unusual circumstances. This bug is exposed by first sending a deauthentication frame and at the same time sending a much larger frame. After doing some debugging the cause of the lockup of the CPU was that while rtw_get_sec_ie() attempts to read the beacon frame sent by the router/AP, the size of the beacon is changed since it is a reference and not a copy. By having a "rogue" beacon frame being very large which isn't normal and not considered in the design, the computer was stuck in an endless CPU lockup. Routine translate_scan(), which calls rtw_get_sec_ie() is protected by a spinlock. Add that spinlock around other calls of the routine. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> |
||
---|---|---|
.. | ||
rtw_ap.c | ||
rtw_br_ext.c | ||
rtw_cmd.c | ||
rtw_debug.c | ||
rtw_efuse.c | ||
rtw_ieee80211.c | ||
rtw_io.c | ||
rtw_ioctl_set.c | ||
rtw_iol.c | ||
rtw_led.c | ||
rtw_mlme.c | ||
rtw_mlme_ext.c | ||
rtw_mp.c | ||
rtw_mp_ioctl.c | ||
rtw_p2p.c | ||
rtw_pwrctrl.c | ||
rtw_recv.c | ||
rtw_rf.c | ||
rtw_security.c | ||
rtw_sreset.c | ||
rtw_sta_mgt.c | ||
rtw_wlan_util.c | ||
rtw_xmit.c |