summaryrefslogtreecommitdiff
path: root/sys/dev
diff options
context:
space:
mode:
authorFederico G. Schwindt <fgsch@cvs.openbsd.org>2002-10-18 03:46:36 +0000
committerFederico G. Schwindt <fgsch@cvs.openbsd.org>2002-10-18 03:46:36 +0000
commitce098d042bd11bd6fa88e9e9f27688027d017fa0 (patch)
tree8e76f338649773c6922785cff4261011e842d595 /sys/dev
parent083aaef79a49ecfd1ba65c8b4d949aacaa8a2f34 (diff)
Account for the aligned m_data when checking boundaries; from NetBSD.
mickey and millert ok.
Diffstat (limited to 'sys/dev')
-rw-r--r--sys/dev/ic/if_wi.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/sys/dev/ic/if_wi.c b/sys/dev/ic/if_wi.c
index 70330720c1f..8131c62dc2c 100644
--- a/sys/dev/ic/if_wi.c
+++ b/sys/dev/ic/if_wi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_wi.c,v 1.85 2002/10/18 03:35:56 fgsch Exp $ */
+/* $OpenBSD: if_wi.c,v 1.86 2002/10/18 03:46:35 fgsch Exp $ */
/*
* Copyright (c) 1997, 1998, 1999
@@ -124,7 +124,7 @@ u_int32_t widebug = WIDEBUG;
#if !defined(lint) && !defined(__OpenBSD__)
static const char rcsid[] =
- "$OpenBSD: if_wi.c,v 1.85 2002/10/18 03:35:56 fgsch Exp $";
+ "$OpenBSD: if_wi.c,v 1.86 2002/10/18 03:46:35 fgsch Exp $";
#endif /* lint */
#ifdef foo
@@ -466,7 +466,9 @@ wi_rxeof(sc)
struct ifnet *ifp;
struct ether_header *eh;
struct mbuf *m;
+ caddr_t olddata;
u_int16_t msg_type;
+ int maxlen;
int id;
ifp = &sc->sc_arpcom.ac_if;
@@ -589,11 +591,13 @@ wi_rxeof(sc)
return;
}
+ olddata = m->m_data;
/* Align the data after the ethernet header */
m->m_data = (caddr_t)ALIGN(m->m_data +
sizeof(struct ether_header)) - sizeof(struct ether_header);
eh = mtod(m, struct ether_header *);
+ maxlen = MCLBYTES - (m->m_data - olddata);
m->m_pkthdr.rcvif = ifp;
if (msg_type == WI_STAT_MGMT &&
@@ -601,7 +605,7 @@ wi_rxeof(sc)
u_int16_t rxlen = letoh16(rx_frame.wi_dat_len);
- if ((WI_802_11_OFFSET_RAW + rxlen + 2) > MCLBYTES) {
+ if ((WI_802_11_OFFSET_RAW + rxlen + 2) > maxlen) {
printf("%s: oversized mgmt packet received in "
"hostap mode (wi_dat_len=%d, "
"wi_status=0x%x)\n", sc->sc_dev.dv_xname,
@@ -639,7 +643,7 @@ wi_rxeof(sc)
case WI_STAT_TUNNEL:
case WI_STAT_WMP_MSG:
if ((letoh16(rx_frame.wi_dat_len) + WI_SNAPHDR_LEN) >
- MCLBYTES) {
+ maxlen) {
printf(WI_PRT_FMT ": oversized packet received "
"(wi_dat_len=%d, wi_status=0x%x)\n",
WI_PRT_ARG(sc),
@@ -669,7 +673,7 @@ wi_rxeof(sc)
break;
default:
if ((letoh16(rx_frame.wi_dat_len) +
- sizeof(struct ether_header)) > MCLBYTES) {
+ sizeof(struct ether_header)) > maxlen) {
printf(WI_PRT_FMT ": oversized packet received "
"(wi_dat_len=%d, wi_status=0x%x)\n",
WI_PRT_ARG(sc),