* [PATCH] ieee80211: Fix kernel panic when QoS is enabled
@ 2006-11-13 3:32 Zhu Yi
From: Zhu Yi @ 2006-11-13 3:32 UTC (permalink / raw)
To: netdev
The 802.11 header length is affected by the wireless mode (WDS or not) and
type (QoS or not). We should use the variable hdr_len instead of the
hard coded IEEE80211_3ADDR_LEN, otherwise we may touch invalid memory.
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
---
net/ieee80211/ieee80211_tx.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
97f244c8efd9a30f0e63e71709ee0142e85307f6
diff --git a/net/ieee80211/ieee80211_tx.c b/net/ieee80211/ieee80211_tx.c
index ae25449..854fc13 100644
--- a/net/ieee80211/ieee80211_tx.c
+++ b/net/ieee80211/ieee80211_tx.c
@@ -390,7 +390,7 @@ int ieee80211_xmit(struct sk_buff *skb,
* this stack is providing the full 802.11 header, one will
* eventually be affixed to this fragment -- so we must account
* for it when determining the amount of payload space. */
- bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
+ bytes_per_frag = frag_size - hdr_len;
if (ieee->config &
(CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
bytes_per_frag -= IEEE80211_FCS_LEN;
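Review bot: after `bytes_per_frag = frag_size - hdr_len;` nothing in this hunk checks that the result is still positive. Per the commit message hdr_len varies with WDS and QoS, and IEEE80211_FCS_LEN may be subtracted on the following lines, so a small frag_size leaves less payload room than the fixed IEEE80211_3ADDR_LEN did. Suggest validating that bytes_per_frag is greater than zero before it is used further, and confirming that hdr_len is assigned on every path that reaches this line. The comment above the assignment could also say that the header length is variable.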
@@ -412,7 +412,7 @@ int ieee80211_xmit(struct sk_buff *skb,
} else {
nr_frags = 1;
bytes_per_frag = bytes_last_frag = bytes;
- frag_size = bytes + IEEE80211_3ADDR_LEN;
+ frag_size = bytes + hdr_len;
}
rts_required = (frag_size > ieee->rts
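Review bot: in the unfragmented branch, `frag_size = bytes + hdr_len;` leaves out IEEE80211_FCS_LEN, while the first hunk treats frag_size as covering the FCS when CFG_IEEE80211_COMPUTE_FCS or CFG_IEEE80211_RESERVE_FCS is set. The `frag_size > ieee->rts` comparison that follows therefore measures the frame differently in the two branches. Consider adding the FCS length here under the same config test, or a short comment stating that the omission is intended.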
--
1.2.6