From 79e0962d4c3cf1f0acf359a9d69cb3ac68c414c4 Mon Sep 17 00:00:00 2001 From: Andriy Voskoboinyk Date: Sat, 19 Jan 2019 16:04:26 +0000 Subject: [PATCH] net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 MFC after: 1 week --- sys/net80211/ieee80211_crypto.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index bf5a8e324a4f..d565b3511170 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -662,14 +662,15 @@ ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf *m, int hdrlen, k = &ni->ni_ucastkey; /* - * Insure crypto header is contiguous for all decap work. + * Insure crypto header is contiguous and long enough for all + * decap work. */ cip = k->wk_cipher; - if (m->m_len < hdrlen + cip->ic_header && - (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { + if (m->m_len < hdrlen + cip->ic_header) { IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, - "unable to pullup %s header", cip->ic_name); - vap->iv_stats.is_rx_wepfail++; /* XXX */ + "frame is too short (%d < %u) for crypto decap", + cip->ic_name, m->m_len, hdrlen + cip->ic_header); + vap->iv_stats.is_rx_tooshort++; *key = NULL; return (0); }