Home Explore Help
Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

add extra sanity checks in madwifi

SVN-Revision: 10266
Felix Fietkau 18 years ago
parent
5411061a03
commit
d7b86662f7
1 changed files with 61 additions and 0 deletions
Split View Show Diff Stats
  1. 61 0
      package/madwifi/patches/316-skb_checks.patch

+ 61 - 0
package/madwifi/patches/316-skb_checks.patch
View File 

@@ -0,0 +1,61 @@
 
+Index: madwifi-dfs-r3252/net80211/ieee80211_input.c
 
+===================================================================
 
+--- madwifi-dfs-r3252.orig/net80211/ieee80211_input.c	2008-01-26 05:14:46.815962139 +0100
 
++++ madwifi-dfs-r3252/net80211/ieee80211_input.c	2008-01-26 05:18:37.005079863 +0100
 
+@@ -740,8 +740,10 @@
 
+ 
+ 			skb1 = skb_copy(skb, GFP_ATOMIC);
 
+ 			/* Increment reference count after copy */
 
+-			if (skb1 != NULL)
 
+-				ieee80211_skb_copy_noderef(skb, skb1);
 
++			if (skb1 == NULL)
 
++				goto err;
 
++
 
++			ieee80211_skb_copy_noderef(skb, skb1);
 
+ 
+ 			/* we now have 802.3 MAC hdr followed by 802.2 LLC/SNAP; convert to EthernetII.
 
+ 			 * Note that the frame is at least IEEE80211_MIN_LEN, due to the driver code. */
 
+@@ -1055,9 +1057,11 @@
 
+ 				 * assemble fragments
 
+ 				 */
 
+ 				ni->ni_rxfrag = skb_copy(skb, GFP_ATOMIC);
 
+-				/* We duplicate the reference after skb_copy */
 
+-				ieee80211_skb_copy_noderef(skb, ni->ni_rxfrag);
 
+-				ieee80211_dev_kfree_skb(&skb);
 
++				if (ni->ni_rxfrag) {
 
++					/* We duplicate the reference after skb_copy */
 
++					ieee80211_skb_copy_noderef(skb, ni->ni_rxfrag);
 
++					ieee80211_dev_kfree_skb(&skb);
 
++				}
 
+ 			}
 
+ 			/*
 
+ 			 * Check that we have enough space to hold
 
+@@ -1071,7 +1075,7 @@
 
+ 					(skb_end_pointer(skb) - skb->head),
 
+ 					GFP_ATOMIC);
 
+ 				/* We duplicate the reference after skb_copy */
 
+-				if (skb != ni->ni_rxfrag)
 
++				if ((skb != ni->ni_rxfrag) && ni->ni_rxfrag)
 
+ 					ieee80211_skb_copy_noderef(skb, ni->ni_rxfrag);
 
+ 				ieee80211_dev_kfree_skb(&skb);
 
+ 			}
 
+@@ -1134,7 +1138,8 @@
 
+ 		if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
 
+ 			skb1 = skb_copy(skb, GFP_ATOMIC);
 
+ 			/* Use the BSS node for retransmitting this multicast frame */
 
+-			SKB_CB(skb1)->ni = ieee80211_ref_node(vap->iv_bss);
 
++			if (skb1)
 
++				SKB_CB(skb1)->ni = ieee80211_ref_node(vap->iv_bss);
 
+ 		}
 
+ 		else {
 
+ 			/*
 
+@@ -1277,6 +1282,9 @@
 
+ 
+ 		/* XXX: does this always work? */
 
+ 		tskb = skb_copy(skb, GFP_ATOMIC);
 
++		if (!tskb)
 
++			return skb;
 
++
 
+ 		/* We duplicate the reference after skb_copy */
 
+ 		ieee80211_skb_copy_noderef(skb, tskb);
 
+ 		ieee80211_dev_kfree_skb(&skb);