On Tue, 2016-09-27 at 10:53 +0200, michael-dev wrote:
> On 27.09.2016 10:01, Johannes Berg wrote:
>
> > > ...
> >
> > This leaves "eth_80211" uninitialized if has_80211_header is false.
> >
> > >
> > > @@ -768,6 +768,13 @@ void ieee80211_amsdu_to_8023s(struct sk_buff
> > > *skb, struct sk_buff_head *list,
> > > subframe_len = sizeof(struct ethhdr) + len;
> > > padding = (4 - subframe_len) & 0x3;
> > >
> > > + if (unlikely(has_80211_header &&
> > > + (iftype == NL80211_IFTYPE_AP ||
> > > + iftype == NL80211_IFTYPE_AP_VLAN)
> > > &&
> > >
> > > + !ether_addr_equal(eth_80211.h_source,
> > > eth.h_source)
> > > + ))
> > > + goto purge;
> >
> > And this then compares against uninitialized data, so this won't
> > work.
>
> but it only compares against eth_80211 if has_80211_header is true
> due to order of evaluation, which in turn implies eth_80211 is
> initialized, right?
>

Oh, right, I missed that, sorry.

Nevertheless, it seems it would be better to allow the other users (not
mac80211) that have has_80211_header=false to still have the check?

johannes
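
Review bot: In the added `if (unlikely(has_80211_header && ...` condition, the read of eth_80211.h_source is safe only because has_80211_header is tested first and && short-circuits; as noted in the thread, eth_80211 is uninitialized when that flag is false. Nothing in the hunk records that dependency, so reordering or extending the condition later could turn it into a compare against uninitialized stack data. A one-line comment above the check, or zero-initializing eth_80211 where it is declared, would make this explicit. The same gating means callers that pass has_80211_header as false skip the source-address comparison for AP and AP_VLAN entirely, which should be stated as intended in the commit message or handled. As a style point, the `))` on its own line can be folded into the preceding line.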