On 27.09.2016 10:01, Johannes Berg wrote:
...
This leaves "eth_80211" uninitialized if has_80211_header is false.
@@ -768,6 +768,13 @@ void ieee80211_amsdu_to_8023s(struct sk_buff
*skb, struct sk_buff_head *list,
subframe_len = sizeof(struct ethhdr) + len;
padding = (4 - subframe_len) & 0x3;
+ if (unlikely(has_80211_header &&
+ (iftype == NL80211_IFTYPE_AP ||
+ iftype == NL80211_IFTYPE_AP_VLAN) &&
+ !ether_addr_equal(eth_80211.h_source,
eth.h_source)
+ ))
+ goto purge;
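Review bot: the `&&` chain in this hunk short-circuits, so `eth_80211.h_source` is only read when `has_80211_header` is true, but a compiler or static checker that cannot prove that invariant may still flag `eth_80211` as possibly uninitialized; consider zero-initialising `eth_80211` at its declaration or moving the source-address comparison into the branch that actually fills `eth_80211` in, which also makes the dependency explicit to the next reader. The continuation lines of the condition (`(iftype == NL80211_IFTYPE_AP ||`, `!ether_addr_equal(eth_80211.h_source,`) should also be aligned to the opening parenthesis of the `if` rather than left at the same indentation as the keyword.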
And this then compares against uninitialized data, so this won't work.
But it only compares against eth_80211 if has_80211_header is true, due
to the order of evaluation, which in turn implies that eth_80211 is initialized,
right?
michael