kern/143627: [ieee80211] A bug in ht_send_action_ba_addba
causes net80211 to send malformed ADDBA response frames
Alexander Egorenkov
egorenar at googlemail.com
Sun Feb 7 09:00:12 UTC 2010
The following reply was made to PR kern/143627; it has been noted by GNATS.
From: Alexander Egorenkov <egorenar at googlemail.com>
To: bug-followup at freebsd.org
Cc:
Subject: Re: kern/143627: [ieee80211] A bug in ht_send_action_ba_addba causes
net80211 to send malformed ADDBA response frames
Date: Sun, 7 Feb 2010 09:56:04 +0100
Here is a simpler version of the fix.
    if (m != NULL) {
        *frm++ = category;
        *frm++ = action;
        *frm++ = args[0];       /* dialog token */
        ADDSHORT(frm, args[1]); /* baparamset(ADDBA req) or status code(ADDBA resp) */
        ADDSHORT(frm, args[2]); /* batimeout(ADDBA req) or baparamset(ADDBA resp) */
        ADDSHORT(frm, args[3]); /* baseqctl(ADDBA req) or batimeout(ADDBA resp) */

        m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
        return ht_action_output(ni, m);
    } else {
        vap->iv_stats.is_tx_nobuf++;
        ieee80211_free_node(ni);
        return ENOMEM;
    }
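The field layout the snippet above serializes, as an added user-space example (not part of the original message or of net80211): it builds an ADDBA body in the same order and decodes it per action, rejecting short or mis-typed bodies. The names addba_build, addba_parse and struct addba are hypothetical, the ADDSHORT here is a local little-endian stand-in for the kernel macro, and the sample argument values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CAT_BA     3	/* Block Ack action category */
#define ADDBA_REQ  0
#define ADDBA_RESP 1
#define ADDBA_LEN  9	/* category, action, dialog token, three 16-bit fields */
/* Local stand-in for the ADDSHORT used in the fix: append 16 bits, LSB first. */
#define ADDSHORT(frm, v) do { (frm)[0] = (v) & 0xff; \
	(frm)[1] = ((v) >> 8) & 0xff; (frm) += 2; } while (0)

struct addba { uint8_t action, token; uint16_t status, baparamset, batimeout, baseqctl; };

/* Same order as the snippet: args[0] is the dialog token, args[1..3] follow. */
static size_t addba_build(uint8_t *buf, uint8_t action, const uint16_t args[4])
{
	uint8_t *frm = buf;
	*frm++ = CAT_BA;
	*frm++ = action;
	*frm++ = (uint8_t)args[0];
	ADDSHORT(frm, args[1]);	/* baparamset (req) or status code (resp) */
	ADDSHORT(frm, args[2]);	/* batimeout (req) or baparamset (resp) */
	ADDSHORT(frm, args[3]);	/* baseqctl (req) or batimeout (resp) */
	return (size_t)(frm - buf);
}

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 on success, -1 if the body is too short or not an ADDBA req/resp. */
static int addba_parse(const uint8_t *b, size_t len, struct addba *out)
{
	if (len < ADDBA_LEN || b[0] != CAT_BA || b[1] > ADDBA_RESP)
		return -1;
	int resp = (b[1] == ADDBA_RESP);
	out->action = b[1];
	out->token = b[2];
	out->status = resp ? le16(b + 3) : 0;
	out->baparamset = le16(b + (resp ? 5 : 3));
	out->batimeout = le16(b + (resp ? 7 : 5));
	out->baseqctl = resp ? 0 : le16(b + 7);
	return 0;
}

int main(void)
{
	const uint16_t args[4] = { 7, 0, 0x1002, 0 };	/* constructed sample response */
	uint8_t buf[ADDBA_LEN];
	struct addba f;
	if (addba_parse(buf, addba_build(buf, ADDBA_RESP, args), &f) == 0)
		printf("token=%u status=%u baparamset=0x%04x\n", f.token, f.status, f.baparamset);
	return 0;
}
```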