summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordamien <damien@openbsd.org>2008-04-17 18:16:05 +0000
committerdamien <damien@openbsd.org>2008-04-17 18:16:05 +0000
commit6be8f8a22be42e44bbe64c1ea32143476fa25aba (patch)
tree7dff03dd98adcd3a656a9c463fab5dffcb204bbc
parentcall ieee80211_crc_init() only once, when the first 802.11 device (diff)
downloadwireguard-openbsd-6be8f8a22be42e44bbe64c1ea32143476fa25aba.tar.xz
wireguard-openbsd-6be8f8a22be42e44bbe64c1ea32143476fa25aba.zip
do not blindly call ieee80211_get_hdrlen() in rt2860_rx_intr().
we may end up passing control frames (ps-poll or others) which is not supported by ieee80211_get_hdrlen(). first found by pedro la peu, reminded by jsg@ closes kernel/5750
Diffstat
-rw-r--r--sys/dev/ic/rt2860.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/dev/ic/rt2860.c b/sys/dev/ic/rt2860.c
index 82c085e6a4e..65d2205d0ac 100644
--- a/sys/dev/ic/rt2860.c
+++ b/sys/dev/ic/rt2860.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rt2860.c,v 1.12 2008/04/16 18:32:15 damien Exp $ */
+/* $OpenBSD: rt2860.c,v 1.13 2008/04/17 18:16:05 damien Exp $ */
/*-
* Copyright (c) 2007
@@ -997,7 +997,6 @@ rt2860_rx_intr(struct rt2860_softc *sc)
struct ieee80211_frame *wh;
struct ieee80211_node *ni;
struct mbuf *m, *mnew;
- u_int hdrlen;
uint8_t ant, rssi;
int error;
#if NBPFILTER > 0
@@ -1081,10 +1080,10 @@ rt2860_rx_intr(struct rt2860_softc *sc)
m->m_pkthdr.len = m->m_len = letoh16(rxwi->len) & 0xfff;
wh = mtod(m, struct ieee80211_frame *);
- hdrlen = ieee80211_get_hdrlen(wh);
/* HW may insert 2 padding bytes after 802.11 header */
if (letoh32(rxd->flags) & RT2860_RX_L2PAD) {
+ u_int hdrlen = ieee80211_get_hdrlen(wh);
ovbcopy(wh, (caddr_t)wh + 2, hdrlen);
m->m_data += 2;
wh = mtod(m, struct ieee80211_frame *);
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.