Only add the extra_tx_headroom to the len when allocating
the sk_buff. This will prevent using an invalid length for skb_put
which would cause a skb panic inside the driver.
Signed-off-by: Ivo van Doorn <[email protected]>
---
diff --git a/net/d80211/ieee80211_scan.c b/net/d80211/ieee80211_scan.c
index 263de0d..1d77155 100644
--- a/net/d80211/ieee80211_scan.c
+++ b/net/d80211/ieee80211_scan.c
@@ -280,7 +280,7 @@ void ieee80211_init_scan(struct ieee80211_local *local)
{
struct ieee80211_hdr hdr;
u16 fc;
- int len = 10 + local->hw.extra_tx_headroom;
+ int len = 10;
struct rate_control_extra extra;
/* Only initialize passive scanning if the hardware supports it */
@@ -303,7 +303,8 @@ void ieee80211_init_scan(struct ieee80211_local *local)
/* Create a CTS from for broadcasting before
* the low level changes channels */
- local->scan.skb = alloc_skb(len, GFP_KERNEL);
+ local->scan.skb = alloc_skb(len + local->hw.extra_tx_headroom,
+ GFP_KERNEL);
if (!local->scan.skb) {
printk(KERN_WARNING "%s: Failed to allocate CTS packet for "
"passive scan\n", local->mdev->name);
On Sun, 18 Feb 2007 14:16:24 +0100, Ivo van Doorn wrote:
> Only add the extra_tx_headroom to the len when allocating
> the sk_buff. This will prevent using an invalid length for skb_put
> which would cause a skb panic inside the driver.
Applied, thanks for the patch!
Jiri
--
Jiri Benc
SUSE Labs