MFC r343190:

net80211: drop m_pullup call from ieee80211_crypto_decap. For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241
svn path=/stable/10/; revision=343465
2024-11-30 10:52:50 +00:00 · 2019-01-26 12:41:16 +00:00 · 2019-01-26 12:41:16 +00:00 · 620c830265 · 2020-12-20 02:59:44 +00:00
commit 620c830265
parent b69546edea
1 changed files with 6 additions and 5 deletions
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@ -601,14 +601,15 @@ ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf *m, int hdrlen)
 		k = &ni->ni_ucastkey;

 	/*
-	 * Insure crypto header is contiguous for all decap work.
+	 * Insure crypto header is contiguous and long enough for all
+	 * decap work.
 	 */
 	cip = k->wk_cipher;
-	if (m->m_len < hdrlen + cip->ic_header &&
-	    (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) {
+	if (m->m_len < hdrlen + cip->ic_header) {
 		IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2,
-		    "unable to pullup %s header", cip->ic_name);
-		vap->iv_stats.is_rx_wepfail++;	/* XXX */
+		    "frame is too short (%d < %u) for crypto decap",
+		    cip->ic_name, m->m_len, hdrlen + cip->ic_header);
+		vap->iv_stats.is_rx_tooshort++;
 		return NULL;
 	}