CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

projects / FreeBSD / FreeBSD.git / commit

author	avos <avos@FreeBSD.org>
	Sat, 28 May 2016 18:49:17 +0000 (18:49 +0000)
committer	avos <avos@FreeBSD.org>
	Sat, 28 May 2016 18:49:17 +0000 (18:49 +0000)
commit	ce3bc9d25892aa4dd07a917bbfd1e9b8267e3996
tree	3620a0bead121b36e7c04ffa3b69a65273badb2d	tree \| snapshot
parent	442baa51845cf38dbcfdc44bd8493defdaad630a	commit \| diff

net80211: fix use-after-free in frame defragmentation procedure.

- Assign frame sequence/fragment number before frame concatenation;
otherwise, frame header pointer (wh) will be invalid.
- Move this code block upper and eliminate duplicate 'lwh = mtod()'
assignment.

Tested with wpi(4) (transmitter) (STA mode) and urtwn(4) (receiver)
(HOSTAP mode).

sys/net80211/ieee80211_input.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom