From: damien Date: Wed, 23 Jul 2008 15:55:46 +0000 (+0000) Subject: Fix a blatant misuse of MINCLSIZE I introduced in ieee80211_output.c r1.59 X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f76734bca762e1dbc7827f743e607a77eb9a9c98;p=openbsd Fix a blatant misuse of MINCLSIZE I introduced in ieee80211_output.c r1.59 The bug was added on 04/16 but it started to show up only after 06/12 when the value of MINCLSIZE was changed to something different from MHLEN + 1. Thanks to dlg@ and giovanni (qgiovanni at gmail dot com) for putting me on the right track. Tested by giovanni. Should fix system/5881 too. --- diff --git a/sys/net80211/ieee80211_output.c b/sys/net80211/ieee80211_output.c index 59ea1c4c0d5..875e95b64e3 100644 --- a/sys/net80211/ieee80211_output.c +++ b/sys/net80211/ieee80211_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_output.c,v 1.61 2008/07/21 19:27:26 damien Exp $ */ +/* $OpenBSD: ieee80211_output.c,v 1.62 2008/07/23 15:55:46 damien Exp $ */ /* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */ /*- @@ -951,7 +951,7 @@ ieee80211_getmgmt(int flags, int type, u_int pktlen) MGETHDR(m, flags, type); if (m == NULL) return NULL; - if (pktlen >= MINCLSIZE) { + if (pktlen > MHLEN) { MCLGET(m, flags); if (!(m->m_flags & M_EXT)) return m_free(m); diff --git a/sys/net80211/ieee80211_pae_output.c b/sys/net80211/ieee80211_pae_output.c index 6235c99b3a7..52f51e64bfa 100644 --- a/sys/net80211/ieee80211_pae_output.c +++ b/sys/net80211/ieee80211_pae_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_pae_output.c,v 1.2 2008/07/21 19:27:26 damien Exp $ */ +/* $OpenBSD: ieee80211_pae_output.c,v 1.3 2008/07/23 15:55:46 damien Exp $ */ /*- * Copyright (c) 2007,2008 Damien Bergamini @@ -212,7 +212,7 @@ ieee80211_get_eapol_key(int flags, int type, u_int pktlen) MGETHDR(m, flags, type); if (m == NULL) return NULL; - if (pktlen >= MINCLSIZE) { + if (pktlen > MHLEN) { MCLGET(m, flags); if (!(m->m_flags & M_EXT)) return m_free(m);