On Mon, Nov 06, 2006 at 03:21:48PM +0100, Adrian Bunk wrote:
> This patch fixes a use-after-free for "skb" spotted by the Coverity
> checker.
> --- linux-2.6/drivers/net/wireless/hostap/hostap_80211_rx.c.old > +++ linux-2.6/drivers/net/wireless/hostap/hostap_80211_rx.c > @@ -1004,10 +1004,10 @@ void hostap_80211_rx(struct net_device * > if (local->hostapd && local->apdev) { > /* Send IEEE 802.1X frames to the user > * space daemon for processing */ > - prism2_rx_80211(local->apdev, skb, rx_stats, > - PRISM2_RX_MGMT); > local->apdevstats.rx_packets++; > local->apdevstats.rx_bytes += skb->len; > + prism2_rx_80211(local->apdev, skb, rx_stats, > + PRISM2_RX_MGMT); > goto rx_exit;

Network drivers set rx_packets and rx_bytes after netif_rx. And last_rx, too. The trick seems to be to use pkt_len variable.
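
Review bot: the two counter updates in the 802.1X branch now run before prism2_rx_80211(), and nothing in the hunk says why the order matters, so a later cleanup could move them back and reintroduce the read of skb->len after the hand-off. Add a comment above the call stating that skb must not be touched once it has been passed to prism2_rx_80211(), or copy skb->len into a local before the call and update rx_packets and rx_bytes from that local afterwards, which keeps the counters after the hand-off as the reply describes for other drivers.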