Module Name: src Committed By: maxv Date: Sun Dec 10 08:48:15 UTC 2017
Modified Files: src/sys/net80211: ieee80211_input.c Log Message: Update the pointer after m_pullup, otherwise possible use-after-free. To generate a diff of this commit: cvs rdiff -u -r1.89 -r1.90 src/sys/net80211/ieee80211_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/net80211/ieee80211_input.c
diff -u src/sys/net80211/ieee80211_input.c:1.89 src/sys/net80211/ieee80211_input.c:1.90
--- src/sys/net80211/ieee80211_input.c:1.89 Tue Sep 26 07:42:06 2017
+++ src/sys/net80211/ieee80211_input.c Sun Dec 10 08:48:15 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ieee80211_input.c,v 1.89 2017/09/26 07:42:06 knakahara Exp $ */
+/* $NetBSD: ieee80211_input.c,v 1.90 2017/12/10 08:48:15 maxv Exp $ */
 /*-
 * Copyright (c) 2001 Atsushi Onoe
 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
@@ -36,7 +36,7 @@
 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_input.c,v 1.81 2005/08/10 16:22:29 sam Exp $");
 #endif
 #ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.89 2017/09/26 07:42:06 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.90 2017/12/10 08:48:15 maxv Exp $");
 #endif
 
 #ifdef _KERNEL_OPT
@@ -358,6 +358,8 @@ ieee80211_input(struct ieee80211com *ic,
 ic->ic_stats.is_rx_tooshort++;
 goto out; /* XXX */
 }
+ wh = mtod(m, struct ieee80211_frame *);
+
 switch (ic->ic_opmode) {
 case IEEE80211_M_STA:
 if (dir != IEEE80211_FC1_DIR_FROMDS) {
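Review bot: Only `wh` is refreshed in the third hunk (`@@ -358,6 +358,8 @@`), so any other local that was derived from the old `wh` or from the old mbuf data earlier in ieee80211_input may still point into the buffer that m_pullup can release. The function starts and ends outside the hunk, so this cannot be confirmed from here; it is worth checking each such pointer that is read inside the `switch (ic->ic_opmode)` that follows and re-deriving it at the same spot. The new line also has no comment tying it to the pullup, which sits above the hunk; I would add `/* m_pullup() may hand back a different mbuf; wh must point into the new data */` directly above `wh = mtod(m, struct ieee80211_frame *);` so the assignment is not later removed as redundant.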