Date: Sun, 7 Feb 2010 09:00:12 GMT
From: Alexander Egorenkov <egorenar@googlemail.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/143627: [ieee80211] A bug in ht_send_action_ba_addba causes net80211 to send malformed ADDBA response frames
Message-ID: <201002070900.o1790CZn027128@freefall.freebsd.org>

The following reply was made to PR kern/143627; it has been noted by GNATS.

From: Alexander Egorenkov <egorenar@googlemail.com>
To: bug-followup@freebsd.org
Cc:
Subject: Re: kern/143627: [ieee80211] A bug in ht_send_action_ba_addba causes net80211 to send malformed ADDBA response frames
Date: Sun, 7 Feb 2010 09:56:04 +0100

Here is a simpler version of the fix.

if (m != NULL) {
	*frm++ = category;
	*frm++ = action;
	*frm++ = args[0];		/* dialog token */
	ADDSHORT(frm, args[1]);		/* baparamset(ADDBA req) or status code(ADDBA resp) */
	ADDSHORT(frm, args[2]);		/* batimeout(ADDBA req) or baparamset(ADDBA resp) */
	ADDSHORT(frm, args[3]);		/* baseqctl(ADDBA req) or batimeout(ADDBA resp) */

	m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
	return ht_action_output(ni, m);
} else {
	vap->iv_stats.is_tx_nobuf++;
	ieee80211_free_node(ni);
	return ENOMEM;
}
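
Added example, not part of the original message and not net80211 code: a stand-alone C program that lays out the nine-byte ADDBA body in the field order given by the comments above, with a receiver-side check that refuses a short body or a non-response action. The names CAT_BA, ADDBA_RESP, ADDBA_LEN, put16, addba_build, addba_resp_parse and struct addba_resp are assumptions made for the illustration, and the argument values in main are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Local stand-ins for illustration; not the net80211 definitions. */
#define CAT_BA     3	/* 802.11 Block Ack action category */
#define ADDBA_RESP 1	/* ADDBA response action code */
#define ADDBA_LEN  9	/* 3 one-byte fields + 3 little-endian shorts */
struct addba_resp { uint8_t token; uint16_t status, paramset, timeout; };

/* Same job as ADDSHORT in the message: append a 16-bit value, low byte first. */
static uint8_t *put16(uint8_t *p, uint16_t v) {
	p[0] = (uint8_t)(v & 0xff);
	p[1] = (uint8_t)(v >> 8);
	return p + 2;
}

/* Build the body with four args for either action; returns bytes written, 0 if no room. */
size_t addba_build(uint8_t *buf, size_t cap, uint8_t action, const uint16_t args[4]) {
	uint8_t *frm = buf;
	if (cap < ADDBA_LEN)
		return 0;
	*frm++ = CAT_BA;
	*frm++ = action;
	*frm++ = (uint8_t)args[0];	/* dialog token */
	frm = put16(frm, args[1]);	/* baparamset (req) or status code (resp) */
	frm = put16(frm, args[2]);	/* batimeout (req) or baparamset (resp) */
	frm = put16(frm, args[3]);	/* baseqctl (req) or batimeout (resp) */
	return (size_t)(frm - buf);
}

/* Receiver side: 0 on success, -1 if the body is short or not an ADDBA response. */
int addba_resp_parse(const uint8_t *b, size_t len, struct addba_resp *out) {
	if (len < ADDBA_LEN || b[0] != CAT_BA || b[1] != ADDBA_RESP)
		return -1;
	out->token    = b[2];
	out->status   = (uint16_t)(b[3] | (b[4] << 8));
	out->paramset = (uint16_t)(b[5] | (b[6] << 8));
	out->timeout  = (uint16_t)(b[7] | (b[8] << 8));
	return 0;
}

int main(void) {
	const uint16_t args[4] = { 7, 0, 0x1002, 0 };	/* constructed sample values */
	uint8_t buf[16];
	struct addba_resp r;
	size_t n = addba_build(buf, sizeof(buf), ADDBA_RESP, args);
	/* Exit 0 when the full body parses and a body two bytes short is refused. */
	return !(addba_resp_parse(buf, n, &r) == 0 && addba_resp_parse(buf, n - 2, &r) == -1);
}
```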