From: stsp Date: Tue, 4 Jan 2022 15:53:57 +0000 (+0000) Subject: fix Rx Block Ack session validity checks in iwm(4) and iwx(4) X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a048bec5bc77344b61951dc1da6a1106424f61d1;p=openbsd fix Rx Block Ack session validity checks in iwm(4) and iwx(4) I ported a NULL pointer check from iwlwifi rxmq.c which cannot happen in our version of this code. Instead we need to check the BA session ID to determine whether a BA session is valid. Patch by Christian Ehrhardt. --- diff --git a/sys/dev/pci/if_iwm.c b/sys/dev/pci/if_iwm.c index ab482a8a7da..6bd432fba47 100644 --- a/sys/dev/pci/if_iwm.c +++ b/sys/dev/pci/if_iwm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_iwm.c,v 1.385 2021/12/20 15:08:10 stsp Exp $ */ +/* $OpenBSD: if_iwm.c,v 1.386 2022/01/04 15:53:57 stsp Exp $ */ /* * Copyright (c) 2014, 2016 genua gmbh @@ -5115,7 +5115,8 @@ iwm_rx_reorder(struct iwm_softc *sc, struct mbuf *m, int chanidx, return 0; rxba = &sc->sc_rxba_data[baid]; - if (rxba == NULL || tid != rxba->tid || rxba->sta_id != IWM_STATION_ID) + if (rxba->baid == IWM_RX_REORDER_DATA_INVALID_BAID || + tid != rxba->tid || rxba->sta_id != IWM_STATION_ID) return 0; if (rxba->timeout != 0) diff --git a/sys/dev/pci/if_iwx.c b/sys/dev/pci/if_iwx.c index 197efe2a823..98e1e7da6a1 100644 --- a/sys/dev/pci/if_iwx.c +++ b/sys/dev/pci/if_iwx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_iwx.c,v 1.128 2021/12/03 14:32:08 stsp Exp $ */ +/* $OpenBSD: if_iwx.c,v 1.129 2022/01/04 15:53:57 stsp Exp $ */ /* * Copyright (c) 2014, 2016 genua gmbh @@ -2931,7 +2931,7 @@ iwx_rx_bar_frame_release(struct iwx_softc *sc, struct iwx_rx_packet *pkt, return; rxba = &sc->sc_rxba_data[baid]; - if (rxba == NULL || rxba->baid == IWX_RX_REORDER_DATA_INVALID_BAID) + if (rxba->baid == IWX_RX_REORDER_DATA_INVALID_BAID) return; tid = le32toh(release->sta_tid) & IWX_BAR_FRAME_RELEASE_TID_MASK; @@ -4251,7 +4251,8 @@ iwx_rx_reorder(struct iwx_softc *sc, struct mbuf *m, int chanidx, return 0; rxba = &sc->sc_rxba_data[baid]; - if (rxba == NULL || tid != rxba->tid || rxba->sta_id != IWX_STATION_ID) + if (rxba->baid == IWX_RX_REORDER_DATA_INVALID_BAID || + tid != rxba->tid || rxba->sta_id != IWX_STATION_ID) return 0; if (rxba->timeout != 0)