Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 23 Oct 2010 11:26:22 +0000 (UTC)
From:      Bernhard Schmidt <bschmidt@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r214236 - head/sys/dev/iwi
Message-ID:  <201010231126.o9NBQMod085606@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bschmidt
Date: Sat Oct 23 11:26:22 2010
New Revision: 214236
URL: http://svn.freebsd.org/changeset/base/214236

Log:
  The firmware does pad notifications to an even number of bytes (at least
  the association notification), the included information though always
  contains an elem block with an odd number of bytes. We handle the last
  byte as if it might contain a whole elem block, this of course is not
  true as one byte is not enough to hold a block, we therefore discard the
  complete frame. The solution here is to subtract one from the actual
  notification length, this is also what the Linux driver does. With this
  change the frames ends exactly where the last elem block ends.
  
  This commit also reverts r214160 which is no longer required and now even
  wrong.
  
  MFC after:	1 week

Modified:
  head/sys/dev/iwi/if_iwi.c

Modified: head/sys/dev/iwi/if_iwi.c
==============================================================================
--- head/sys/dev/iwi/if_iwi.c	Sat Oct 23 10:46:11 2010	(r214235)
+++ head/sys/dev/iwi/if_iwi.c	Sat Oct 23 11:26:22 2010	(r214236)
@@ -1356,7 +1356,7 @@ iwi_checkforqos(struct ieee80211vap *vap
 
 	wme = NULL;
 	while (frm < efrm) {
-		IEEE80211_VERIFY_LENGTH(efrm - frm, frm[1], break);
+		IEEE80211_VERIFY_LENGTH(efrm - frm, frm[1], return);
 		switch (*frm) {
 		case IEEE80211_ELEMID_VENDOR:
 			if (iswmeoui(frm))
@@ -1483,7 +1483,7 @@ iwi_notification_intr(struct iwi_softc *
 			IWI_STATE_END(sc, IWI_FW_ASSOCIATING);
 			iwi_checkforqos(vap,
 			    (const struct ieee80211_frame *)(assoc+1),
-			    le16toh(notif->len) - sizeof(*assoc));
+			    le16toh(notif->len) - sizeof(*assoc) - 1);
 			ieee80211_new_state(vap, IEEE80211_S_RUN, -1);
 			break;
 		case IWI_ASSOC_INIT:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010231126.o9NBQMod085606>