Add a few sizes to free().

Input, help & ok stsp

diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c
index 65b2e22..2b349bd 100644 (file)
--- a/sys/net80211/ieee80211_input.c
+++ b/sys/net80211/ieee80211_input.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_input.c,v 1.192 2017/05/02 11:03:48 stsp Exp $      */
+/*     $OpenBSD: ieee80211_input.c,v 1.193 2017/06/03 15:44:03 tb Exp $        */
 
 /*-
  * Copyright (c) 2001 Atsushi Onoe
@@ -165,7 +165,7 @@ ieee80211_input_print_task(void *arg1)
        struct ieee80211printmsg *msg = arg1;
 
        printf("%s", msg->text);
-       free(msg, M_DEVBUF, 0);
+       free(msg, M_DEVBUF, sizeof *msg);
 }
 
 void
@@ -2632,7 +2632,8 @@ ieee80211_addba_req_refuse(struct ieee80211com *ic, struct ieee80211_node *ni,
 {
        struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid];
 
-       free(ba->ba_buf, M_DEVBUF, 0);
+       free(ba->ba_buf, M_DEVBUF,
+           IEEE80211_BA_MAX_WINSZ * sizeof(*ba->ba_buf));
        ba->ba_buf = NULL;
 
        /* MLME-ADDBA.response */
@@ -2765,7 +2766,8 @@ ieee80211_recv_delba(struct ieee80211com *ic, struct mbuf *m,
                        for (i = 0; i < IEEE80211_BA_MAX_WINSZ; i++)
                                m_freem(ba->ba_buf[i].m);
                        /* free reordering buffer */
-                       free(ba->ba_buf, M_DEVBUF, 0);
+                       free(ba->ba_buf, M_DEVBUF,
+                           IEEE80211_BA_MAX_WINSZ * sizeof(*ba->ba_buf));
                        ba->ba_buf = NULL;
                }
        } else {

diff --git a/sys/net80211/ieee80211_node.c b/sys/net80211/ieee80211_node.c
index 566d4b3..dc57e03 100644 (file)
--- a/sys/net80211/ieee80211_node.c
+++ b/sys/net80211/ieee80211_node.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_node.c,v 1.115 2017/03/04 12:44:27 stsp Exp $       */
+/*     $OpenBSD: ieee80211_node.c,v 1.116 2017/06/03 15:44:03 tb Exp $ */
 /*     $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $       */
 
 /*-
@@ -202,10 +202,9 @@ ieee80211_node_detach(struct ifnet *ifp)
        }
        ieee80211_free_allnodes(ic);
 #ifndef IEEE80211_STA_ONLY
-       if (ic->ic_aid_bitmap != NULL)
-               free(ic->ic_aid_bitmap, M_DEVBUF, 0);
-       if (ic->ic_tim_bitmap != NULL)
-               free(ic->ic_tim_bitmap, M_DEVBUF, 0);
+       free(ic->ic_aid_bitmap, M_DEVBUF,
+           howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t));
+       free(ic->ic_tim_bitmap, M_DEVBUF, ic->ic_tim_len);
        timeout_del(&ic->ic_inact_timeout);
        timeout_del(&ic->ic_node_cache_timeout);
        timeout_del(&ic->ic_tkip_micfail_timeout);
@@ -1728,7 +1727,8 @@ ieee80211_node_leave_ht(struct ieee80211com *ic, struct ieee80211_node *ni)
                if (ba->ba_buf != NULL) {
                        for (i = 0; i < IEEE80211_BA_MAX_WINSZ; i++)
                                m_freem(ba->ba_buf[i].m);
-                       free(ba->ba_buf, M_DEVBUF, 0);
+                       free(ba->ba_buf, M_DEVBUF,
+                           IEEE80211_BA_MAX_WINSZ * sizeof(*ba->ba_buf));
                        ba->ba_buf = NULL;
                }
        }

diff --git a/sys/net80211/ieee80211_proto.c b/sys/net80211/ieee80211_proto.c
index 52f514f..82cfb09 100644 (file)
--- a/sys/net80211/ieee80211_proto.c
+++ b/sys/net80211/ieee80211_proto.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_proto.c,v 1.76 2017/06/02 15:31:26 stsp Exp $       */
+/*     $OpenBSD: ieee80211_proto.c,v 1.77 2017/06/03 15:44:03 tb Exp $ */
 /*     $NetBSD: ieee80211_proto.c,v 1.8 2004/04/30 23:58:20 dyoung Exp $       */
 
 /*-
@@ -708,7 +708,8 @@ ieee80211_delba_request(struct ieee80211com *ic, struct ieee80211_node *ni,
                        for (i = 0; i < IEEE80211_BA_MAX_WINSZ; i++)
                                m_freem(ba->ba_buf[i].m);
                        /* free reordering buffer */
-                       free(ba->ba_buf, M_DEVBUF, 0);
+                       free(ba->ba_buf, M_DEVBUF,
+                           IEEE80211_BA_MAX_WINSZ * sizeof(*ba->ba_buf));
                        ba->ba_buf = NULL;
                }
        }