Author: bschmidt
Date: Sun Mar 13 12:56:46 2011
New Revision: 219604
URL: http://svn.freebsd.org/changeset/base/219604
Log:
When injecting frames a temporary node is faked, during this several
uses of ic_curchan occur. Due to the nature of a scan, switching
channels constantly and all this happening without any kind of locks
held, it might happen that ic_curchan points to nowhere leading to
panics. Fix this by not allowing frame injections while in SCAN state.
Tested by: Paul B. Mahol <onemda at gmail.com>
Modified:
head/sys/net80211/ieee80211_output.c
Modified: head/sys/net80211/ieee80211_output.c
==============================================================================
--- head/sys/net80211/ieee80211_output.c Sun Mar 13 12:21:04 2011
(r219603)
+++ head/sys/net80211/ieee80211_output.c Sun Mar 13 12:56:46 2011
(r219604)
@@ -419,7 +419,8 @@ ieee80211_output(struct ifnet *ifp, stru
"block %s frame in CAC state\n", "raw data");
vap->iv_stats.is_tx_badstate++;
senderr(EIO); /* XXX */
- }
+ } else if (vap->iv_state == IEEE80211_S_SCAN)
+ senderr(EIO);
/* XXX bypass bridge, pfil, carp, etc. */
if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack))
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
