[IrDA]: Frame length validation.
[linux-2.6.git] / net / irda / irlap_event.c
index 6d3aff8..6af86eb 100644 (file)
@@ -1199,6 +1199,19 @@ static int irlap_state_nrm_p(struct irlap_cb *self, IRLAP_EVENT event,
 
        switch (event) {
        case RECV_I_RSP: /* Optimize for the common case */
+               if (unlikely(skb->len <= LAP_ADDR_HEADER + LAP_CTRL_HEADER)) {
+                       /*
+                        * Input validation check: a stir4200/mcp2150
+                        * combination sometimes results in an empty i:rsp.
+                        * This makes no sense; we can just ignore the frame
+                        * and send an rr:cmd immediately. This happens before
+                        * changing nr or ns so triggers a retransmit
+                        */
+                       irlap_wait_min_turn_around(self, &self->qos_tx);
+                       irlap_send_rr_frame(self, CMD_FRAME);
+                       /* Keep state */
+                       break;
+               }
                /* FIXME: must check for remote_busy below */
 #ifdef CONFIG_IRDA_FAST_RR
                /*