[802.11] Fix a use-after-free
authorJoshua Oreman <oremanj@rwcr.net>
Fri, 30 Jul 2010 03:13:31 +0000 (20:13 -0700)
committerJoshua Oreman <oremanj@rwcr.net>
Fri, 30 Jul 2010 03:13:31 +0000 (20:13 -0700)
When we received an encrypted packet, after replacing it with its decrypted
version and freeing the encrypted original, we would continue to look at
the header of the now-freed original packet. Fix by moving the header pointer
to point at the decrypted packet instead.

src/net/80211/net80211.c

index 87c7b3d..b07513e 100644 (file)
@@ -2720,6 +2720,7 @@ void net80211_rx ( struct net80211_device *dev, struct io_buffer *iob,
                }
                free_iob ( iob );
                iob = niob;
+               hdr = iob->data;
        }
 
        dev->last_signal = signal;