diff options
| author | Federico G. Schwindt <fgsch@cvs.openbsd.org> | 2002-10-18 03:46:36 +0000 |
|---|---|---|
| committer | Federico G. Schwindt <fgsch@cvs.openbsd.org> | 2002-10-18 03:46:36 +0000 |
| commit | ce098d042bd11bd6fa88e9e9f27688027d017fa0 (patch) | |
| tree | 8e76f338649773c6922785cff4261011e842d595 /sys/dev/ic | |
| parent | 083aaef79a49ecfd1ba65c8b4d949aacaa8a2f34 (diff) | |
Account for the aligned m_data when checking boundaries; from NetBSD.
mickey and millert ok.
Diffstat (limited to 'sys/dev/ic')
| -rw-r--r-- | sys/dev/ic/if_wi.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/sys/dev/ic/if_wi.c b/sys/dev/ic/if_wi.c index 70330720c1f..8131c62dc2c 100644 --- a/sys/dev/ic/if_wi.c +++ b/sys/dev/ic/if_wi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_wi.c,v 1.85 2002/10/18 03:35:56 fgsch Exp $ */ +/* $OpenBSD: if_wi.c,v 1.86 2002/10/18 03:46:35 fgsch Exp $ */ /* * Copyright (c) 1997, 1998, 1999 @@ -124,7 +124,7 @@ u_int32_t widebug = WIDEBUG; #if !defined(lint) && !defined(__OpenBSD__) static const char rcsid[] = - "$OpenBSD: if_wi.c,v 1.85 2002/10/18 03:35:56 fgsch Exp $"; + "$OpenBSD: if_wi.c,v 1.86 2002/10/18 03:46:35 fgsch Exp $"; #endif /* lint */ #ifdef foo @@ -466,7 +466,9 @@ wi_rxeof(sc) struct ifnet *ifp; struct ether_header *eh; struct mbuf *m; + caddr_t olddata; u_int16_t msg_type; + int maxlen; int id; ifp = &sc->sc_arpcom.ac_if; @@ -589,11 +591,13 @@ wi_rxeof(sc) return; } + olddata = m->m_data; /* Align the data after the ethernet header */ m->m_data = (caddr_t)ALIGN(m->m_data + sizeof(struct ether_header)) - sizeof(struct ether_header); eh = mtod(m, struct ether_header *); + maxlen = MCLBYTES - (m->m_data - olddata); m->m_pkthdr.rcvif = ifp; if (msg_type == WI_STAT_MGMT && @@ -601,7 +605,7 @@ wi_rxeof(sc) u_int16_t rxlen = letoh16(rx_frame.wi_dat_len); - if ((WI_802_11_OFFSET_RAW + rxlen + 2) > MCLBYTES) { + if ((WI_802_11_OFFSET_RAW + rxlen + 2) > maxlen) { printf("%s: oversized mgmt packet received in " "hostap mode (wi_dat_len=%d, " "wi_status=0x%x)\n", sc->sc_dev.dv_xname, @@ -639,7 +643,7 @@ wi_rxeof(sc) case WI_STAT_TUNNEL: case WI_STAT_WMP_MSG: if ((letoh16(rx_frame.wi_dat_len) + WI_SNAPHDR_LEN) > - MCLBYTES) { + maxlen) { printf(WI_PRT_FMT ": oversized packet received " "(wi_dat_len=%d, wi_status=0x%x)\n", WI_PRT_ARG(sc), @@ -669,7 +673,7 @@ wi_rxeof(sc) break; default: if ((letoh16(rx_frame.wi_dat_len) + - sizeof(struct ether_header)) > MCLBYTES) { + sizeof(struct ether_header)) > maxlen) { printf(WI_PRT_FMT ": oversized packet received " "(wi_dat_len=%d, wi_status=0x%x)\n", WI_PRT_ARG(sc), |