From 945cc3da40222406080f980358ef9da71b546fc8 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 13 Feb 2003 20:45:10 +0000 Subject: Plug mbuf leak when there is an IV mismatch during software decrypt. Found by dhartmei@; I thought he committed the fix but appearently not. Also make the debugging printf for IV mismatch more useful. --- sys/dev/ic/if_wi.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/sys/dev/ic/if_wi.c b/sys/dev/ic/if_wi.c index 9eb56413bba..87cd9542e1e 100644 --- a/sys/dev/ic/if_wi.c +++ b/sys/dev/ic/if_wi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_wi.c,v 1.92 2003/02/12 21:49:05 markus Exp $ */ +/* $OpenBSD: if_wi.c,v 1.93 2003/02/13 20:45:09 millert Exp $ */ /* * Copyright (c) 1997, 1998, 1999 @@ -124,7 +124,7 @@ u_int32_t widebug = WIDEBUG; #if !defined(lint) && !defined(__OpenBSD__) static const char rcsid[] = - "$OpenBSD: if_wi.c,v 1.92 2003/02/12 21:49:05 markus Exp $"; + "$OpenBSD: if_wi.c,v 1.93 2003/02/13 20:45:09 millert Exp $"; #endif /* lint */ #ifdef foo @@ -720,6 +720,8 @@ wi_rxeof(sc) sizeof(struct ether_header), len)) { if (sc->sc_arpcom.ac_if.if_flags & IFF_DEBUG) printf(WI_PRT_FMT ": Error decrypting incoming packet.\n", WI_PRT_ARG(sc)); + m_freem(m); + ifp->if_ierrors++; return; } len -= IEEE80211_WEP_IVLEN + @@ -2138,8 +2140,9 @@ wi_do_hostdecrypt(struct wi_softc *sc, caddr_t buf, int len) if ((dat[0] != crc) && (dat[1] != crc >> 8) && (dat[2] != crc >> 16) && (dat[3] != crc >> 24)) { if (sc->sc_arpcom.ac_if.if_flags & IFF_DEBUG) - printf(WI_PRT_FMT ": wi_do_hostdecrypt: iv mismatch\n", - WI_PRT_ARG(sc)); + printf(WI_PRT_FMT ": wi_do_hostdecrypt: iv mismatch: " + "0x%02x%02x%02x%02x vs. 0x%x\n", WI_PRT_ARG(sc), + dat[3], dat[2], dat[1], dat[0], crc); return -1; } -- cgit v1.2.3