Page MenuHomeFreeBSD
Files F154432788

D3610.id8614.diff
No OneTemporary
Actions

D3610.id8614.diff
View Options

Index: sys/dev/usb/wlan/if_rum.c
===================================================================
--- sys/dev/usb/wlan/if_rum.c
+++ sys/dev/usb/wlan/if_rum.c
@@ -851,6 +851,7 @@
{
struct rum_softc *sc = usbd_xfer_softc(xfer);
struct ieee80211com *ic = &sc->sc_ic;
+ struct ieee80211_frame_min *wh;
struct ieee80211_node *ni;
struct mbuf *m = NULL;
struct usb_page_cache *pc;
@@ -898,6 +899,8 @@
usbd_copy_out(pc, RT2573_RX_DESC_SIZE,
mtod(m, uint8_t *), len);
+ wh = mtod(m, struct ieee80211_frame_min *);
+
/* finalize mbuf */
m->m_pkthdr.len = m->m_len = (flags >> 16) & 0xfff;
@@ -926,8 +929,11 @@
*/
RUM_UNLOCK(sc);
if (m) {
- ni = ieee80211_find_rxnode(ic,
- mtod(m, struct ieee80211_frame_min *));
+ if (m->m_len >= sizeof(struct ieee80211_frame_min))
+ ni = ieee80211_find_rxnode(ic, wh);
+ else
+ ni = NULL;
+
if (ni != NULL) {
(void) ieee80211_input(ni, m, rssi,
RT2573_NOISE_FLOOR);

File Metadata

Mime Type
text/plain
Expires
Wed, Apr 29, 12:46 PM (5 h, 15 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
32348278
Default Alt Text
D3610.id8614.diff (974 B)

Event Timeline