Ticket #1071: ieee80211_input_crash_fix.3.diff
| File ieee80211_input_crash_fix.3.diff, 1.3 kB (added by rozteck@interia.pl, 5 years ago) |
net80211/ieee80211_input.c
old new 222 222 struct sk_buff *skb, int rssi, u_int32_t rstamp) 223 223 { 224 224 #define HAS_SEQ(type) ((type & 0x4) == 0) 225 struct ieee80211vap *vap = ni->ni_vap;226 struct ieee80211com *ic = vap->iv_ic;225 struct ieee80211vap *vap = NULL; 226 struct ieee80211com *ic = NULL; 227 227 struct ieee80211_node *ni_wds = NULL; 228 struct net_device *dev = vap->iv_dev;228 struct net_device *dev = NULL; 229 229 struct ieee80211_frame *wh; 230 230 struct ieee80211_key *key; 231 231 struct ether_header *eh; … … 236 236 u_int8_t dir, type, subtype; 237 237 u_int8_t *bssid; 238 238 u_int16_t rxseq; 239 240 KASSERT(ni != NULL, ("null node")); 241 242 type = -1; /* undefined */ 239 243 240 KASSERT(ni != NULL, ("null node")); 244 vap = ni->ni_vap; 245 if (vap == NULL) goto out; 246 247 ic = vap->iv_ic; 248 if (ic == NULL) goto out; 249 250 dev = vap->iv_dev; 251 if (dev == NULL) goto out; 252 241 253 ni->ni_inact = ni->ni_inact_reload; 242 254 243 255 KASSERT(skb->len >= sizeof(struct ieee80211_frame_min), 244 256 ("frame length too short: %u", skb->len)); 245 257 246 258 /* XXX adjust device in sk_buff? */ 247 248 type = -1; /* undefined */ 259 249 260 /* 250 261 * In monitor mode, send everything directly to bpf. 251 262 * Also do not process frames w/o i_addr2 any further.
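Review bot: The new NULL checks on `vap`, `ic` and `dev` all `goto out`, but the `out:` label lies outside this hunk, so it should be confirmed that the cleanup there still frees `skb` and touches none of the three pointers that can now be NULL. `ni` itself is still guarded only by `KASSERT(ni != NULL, ("null node"));` immediately before `vap = ni->ni_vap;`; if KASSERT compiles to nothing in non-debug builds, that dereference is unprotected, and an explicit `if (ni == NULL) goto out;` would match the other checks. The frame is also dropped silently, so a comment such as `/* node may be mid-teardown: vap/ic/dev can be NULL on the receive path, drop the frame */` would record why the checks exist. If these pointers are cleared concurrently with receive processing, the tests narrow the window rather than close it; presumably a node reference or lock is what has to keep them stable for the rest of the function.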
