Since m_split() in some cases returns an mbuf chain, where the pkthdr element
contains no data (i.e. m_len == 0), the n->m_len == 0 check in
sys/net80211/ieee80211_input.c in the amsdu_decap() function sometimes
signals the end of the AMSDU frame too early.
Instead it should check the actual length of the data in the remaining
mbuf chain with n->m_pkthdr.len == 0.


Index: sys/net80211/ieee80211_input.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
retrieving revision 1.184
diff -u -r1.184 ieee80211_input.c
--- sys/net80211/ieee80211_input.c      16 Jan 2017 09:35:06 -0000      1.184
+++ sys/net80211/ieee80211_input.c      24 Jan 2017 14:26:19 -0000
@@ -1096,7 +1096,7 @@
                }
                ieee80211_deliver_data(ic, m, ni, mcast);
 
-               if (n->m_len == 0) {
+               if (n->m_pkthdr.len == 0) {
                        m_freem(n);
                        break;
                }
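Review bot: The new test `if (n->m_pkthdr.len == 0)` reads the packet header of n, which is only meaningful when n has M_PKTHDR set, and nothing in this hunk shows that. The commit message says m_split() returns a chain with a pkthdr element in the case being fixed. If that holds on every path reaching this line, a short comment or an assertion would record it. It is also worth a one-line comment above the check saying why m_len is not used: the first mbuf can be empty while later mbufs in the chain still hold subframe data. Without that, a later cleanup could change it back to `n->m_len == 0`.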
