Fix a blatant misuse of MINCLSIZE I introduced in ieee80211_output.c r1.59

The bug was added on 04/16 but it started to show up only after 06/12 when
the value of MINCLSIZE was changed to something different from MHLEN + 1.

Thanks to dlg@ and giovanni (qgiovanni at gmail dot com) for putting me
on the right track.

Tested by giovanni.
Should fix system/5881 too.

diff --git a/sys/net80211/ieee80211_output.c b/sys/net80211/ieee80211_output.c
index 59ea1c4..875e95b 100644 (file)
--- a/sys/net80211/ieee80211_output.c
+++ b/sys/net80211/ieee80211_output.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_output.c,v 1.61 2008/07/21 19:27:26 damien Exp $    */
+/*     $OpenBSD: ieee80211_output.c,v 1.62 2008/07/23 15:55:46 damien Exp $    */
 /*     $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $     */
 
 /*-
@@ -951,7 +951,7 @@ ieee80211_getmgmt(int flags, int type, u_int pktlen)
        MGETHDR(m, flags, type);
        if (m == NULL)
                return NULL;
-       if (pktlen >= MINCLSIZE) {
+       if (pktlen > MHLEN) {
                MCLGET(m, flags);
                if (!(m->m_flags & M_EXT))
                        return m_free(m);

diff --git a/sys/net80211/ieee80211_pae_output.c b/sys/net80211/ieee80211_pae_output.c
index 6235c99..52f51e6 100644 (file)
--- a/sys/net80211/ieee80211_pae_output.c
+++ b/sys/net80211/ieee80211_pae_output.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_pae_output.c,v 1.2 2008/07/21 19:27:26 damien Exp $ */
+/*     $OpenBSD: ieee80211_pae_output.c,v 1.3 2008/07/23 15:55:46 damien Exp $ */
 
 /*-
  * Copyright (c) 2007,2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -212,7 +212,7 @@ ieee80211_get_eapol_key(int flags, int type, u_int pktlen)
        MGETHDR(m, flags, type);
        if (m == NULL)
                return NULL;
-       if (pktlen >= MINCLSIZE) {
+       if (pktlen > MHLEN) {
                MCLGET(m, flags);
                if (!(m->m_flags & M_EXT))
                        return m_free(m);