Re: [2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-21 Thread Eugene Teo
> On Sat, May 19, 2007 at 11:14:10AM +0800, Eugene Teo wrote: > > John W. Linville wrote: > > > >> done: > > >> LEAVE(); > > >> > > >> - skb->protocol = __constant_htons(0x0019); /* > > >> ETH_P_80211_RAW */ > > >> - > > > > > > Except for this part...is this intentional?

Re: [2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-21 Thread John W. Linville
On Sat, May 19, 2007 at 11:14:10AM +0800, Eugene Teo wrote: > John W. Linville wrote: > >> done: > >> LEAVE(); > >> > >> - skb->protocol = __constant_htons(0x0019); /* ETH_P_80211_RAW > >> */ > >> - > > > > Except for this part...is this intentional? > > skb could have

Re: [2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-21 Thread John W. Linville
On Sat, May 19, 2007 at 11:14:10AM +0800, Eugene Teo wrote: John W. Linville wrote: done: LEAVE(); - skb-protocol = __constant_htons(0x0019); /* ETH_P_80211_RAW */ - Except for this part...is this intentional? skb could have been freed by then. And, in

Re: [2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-21 Thread Eugene Teo
quote sender=John W. Linville On Sat, May 19, 2007 at 11:14:10AM +0800, Eugene Teo wrote: John W. Linville wrote: done: LEAVE(); - skb-protocol = __constant_htons(0x0019); /* ETH_P_80211_RAW */ - Except for this part...is this intentional?

Re: [2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-18 Thread Eugene Teo
John W. Linville wrote: > First, please send all wireless patches to > [EMAIL PROTECTED], and be sure to CC me as well...thanks! > > On Sat, May 19, 2007 at 12:50:31AM +0800, Eugene Teo wrote: >> libertas_upload_rx_packet() calls netif_rx() before returning, and it always >> return 0. >> Also

Re: [2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-18 Thread John W. Linville
First, please send all wireless patches to [EMAIL PROTECTED], and be sure to CC me as well...thanks! On Sat, May 19, 2007 at 12:50:31AM +0800, Eugene Teo wrote: > libertas_upload_rx_packet() calls netif_rx() before returning, and it always > return 0. > Also within libertas_upload_rx_packet(),

[2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-18 Thread Eugene Teo
libertas_upload_rx_packet() calls netif_rx() before returning, and it always return 0. Also within libertas_upload_rx_packet(), it will initialize skb->protocol anyways. Spotted by the Coverity checker. Signed-off-by: Eugene Teo <[EMAIL PROTECTED]> diff --git

[2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-18 Thread Eugene Teo
libertas_upload_rx_packet() calls netif_rx() before returning, and it always return 0. Also within libertas_upload_rx_packet(), it will initialize skb-protocol anyways. Spotted by the Coverity checker. Signed-off-by: Eugene Teo [EMAIL PROTECTED] diff --git a/drivers/net/wireless/libertas/rx.c

Re: [2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-18 Thread John W. Linville
First, please send all wireless patches to [EMAIL PROTECTED], and be sure to CC me as well...thanks! On Sat, May 19, 2007 at 12:50:31AM +0800, Eugene Teo wrote: libertas_upload_rx_packet() calls netif_rx() before returning, and it always return 0. Also within libertas_upload_rx_packet(), it

Re: [2.6 patch] drivers/net/wireless/libertas/rx.c: fix use-after-free

2007-05-18 Thread Eugene Teo
John W. Linville wrote: First, please send all wireless patches to [EMAIL PROTECTED], and be sure to CC me as well...thanks! On Sat, May 19, 2007 at 12:50:31AM +0800, Eugene Teo wrote: libertas_upload_rx_packet() calls netif_rx() before returning, and it always return 0. Also within