From 0cf686e667f6542656334167eabe059200eb3f7f Mon Sep 17 00:00:00 2001 From: avos Date: Sat, 26 Jan 2019 12:41:16 +0000 Subject: [PATCH] MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 git-svn-id: svn://svn.freebsd.org/base/stable/10@343465 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sys/net80211/ieee80211_crypto.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index d338506ed..3b59d7ac0 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -601,14 +601,15 @@ ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf *m, int hdrlen) k = &ni->ni_ucastkey; /* - * Insure crypto header is contiguous for all decap work. + * Insure crypto header is contiguous and long enough for all + * decap work. */ cip = k->wk_cipher; - if (m->m_len < hdrlen + cip->ic_header && - (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { + if (m->m_len < hdrlen + cip->ic_header) { IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, - "unable to pullup %s header", cip->ic_name); - vap->iv_stats.is_rx_wepfail++; /* XXX */ + "frame is too short (%d < %u) for crypto decap", + cip->ic_name, m->m_len, hdrlen + cip->ic_header); + vap->iv_stats.is_rx_tooshort++; return NULL; } -- 2.45.0