diff options
author | Damien Bergamini <damien@cvs.openbsd.org> | 2008-04-17 18:16:06 +0000 |
---|---|---|
committer | Damien Bergamini <damien@cvs.openbsd.org> | 2008-04-17 18:16:06 +0000 |
commit | c80b29099f4e6b18aba5129b0bf8f3e96e9544f8 (patch) | |
tree | 38a1144415ea93877d7cb8eedc32cf3feb176841 | |
parent | 58bd3d5d1f8766fb6f7af3e51dc4bf9ea504389a (diff) |
do not blindly call ieee80211_get_hdrlen() in rt2860_rx_intr().
we may end up passing control frames (ps-poll or others) which
is not supported by ieee80211_get_hdrlen().
first found by pedro la peu, reminded by jsg@
closes kernel/5750
-rw-r--r-- | sys/dev/ic/rt2860.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/dev/ic/rt2860.c b/sys/dev/ic/rt2860.c index 82c085e6a4e..65d2205d0ac 100644 --- a/sys/dev/ic/rt2860.c +++ b/sys/dev/ic/rt2860.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rt2860.c,v 1.12 2008/04/16 18:32:15 damien Exp $ */ +/* $OpenBSD: rt2860.c,v 1.13 2008/04/17 18:16:05 damien Exp $ */ /*- * Copyright (c) 2007 @@ -997,7 +997,6 @@ rt2860_rx_intr(struct rt2860_softc *sc) struct ieee80211_frame *wh; struct ieee80211_node *ni; struct mbuf *m, *mnew; - u_int hdrlen; uint8_t ant, rssi; int error; #if NBPFILTER > 0 @@ -1081,10 +1080,10 @@ rt2860_rx_intr(struct rt2860_softc *sc) m->m_pkthdr.len = m->m_len = letoh16(rxwi->len) & 0xfff; wh = mtod(m, struct ieee80211_frame *); - hdrlen = ieee80211_get_hdrlen(wh); /* HW may insert 2 padding bytes after 802.11 header */ if (letoh32(rxd->flags) & RT2860_RX_L2PAD) { + u_int hdrlen = ieee80211_get_hdrlen(wh); ovbcopy(wh, (caddr_t)wh + 2, hdrlen); m->m_data += 2; wh = mtod(m, struct ieee80211_frame *); |