openwrt-owl/package/madwifi/patches/316-skb_checks.patch

62 lines
2.0 KiB
Diff

Index: madwifi-trunk-r3280/net80211/ieee80211_input.c
===================================================================
--- madwifi-trunk-r3280.orig/net80211/ieee80211_input.c 2008-01-28 17:36:55.186089457 +0100
+++ madwifi-trunk-r3280/net80211/ieee80211_input.c 2008-01-28 17:38:42.816222949 +0100
@@ -740,8 +740,10 @@
skb1 = skb_copy(skb, GFP_ATOMIC);
/* Increment reference count after copy */
- if (skb1 != NULL)
- ieee80211_skb_copy_noderef(skb, skb1);
+ if (skb1 == NULL)
+ goto err;
+
+ ieee80211_skb_copy_noderef(skb, skb1);
/* we now have 802.3 MAC hdr followed by 802.2 LLC/SNAP; convert to EthernetII.
* Note that the frame is at least IEEE80211_MIN_LEN, due to the driver code. */
@@ -1056,9 +1058,11 @@
* assemble fragments
*/
ni->ni_rxfrag = skb_copy(skb, GFP_ATOMIC);
- /* We duplicate the reference after skb_copy */
- ieee80211_skb_copy_noderef(skb, ni->ni_rxfrag);
- ieee80211_dev_kfree_skb(&skb);
+ if (ni->ni_rxfrag) {
+ /* We duplicate the reference after skb_copy */
+ ieee80211_skb_copy_noderef(skb, ni->ni_rxfrag);
+ ieee80211_dev_kfree_skb(&skb);
+ }
}
/*
* Check that we have enough space to hold
@@ -1072,7 +1076,7 @@
(skb_end_pointer(skb) - skb->head),
GFP_ATOMIC);
/* We duplicate the reference after skb_copy */
- if (skb != ni->ni_rxfrag)
+ if ((skb != ni->ni_rxfrag) && ni->ni_rxfrag)
ieee80211_skb_copy_noderef(skb, ni->ni_rxfrag);
ieee80211_dev_kfree_skb(&skb);
}
@@ -1135,7 +1139,8 @@
if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
/* Create a SKB for the BSS to send out. */
skb1 = skb_copy(skb, GFP_ATOMIC);
- SKB_CB(skb1)->ni = ieee80211_ref_node(vap->iv_bss);
+ if (skb1)
+ SKB_CB(skb1)->ni = ieee80211_ref_node(vap->iv_bss);
}
else {
/*
@@ -1278,6 +1283,9 @@
/* XXX: does this always work? */
tskb = skb_copy(skb, GFP_ATOMIC);
+ if (!tskb)
+ return skb;
+
/* We duplicate the reference after skb_copy */
ieee80211_skb_copy_noderef(skb, tskb);
ieee80211_dev_kfree_skb(&skb);