On Fri, 2010-05-28 at 14:38 -0700, Daniel Halperin wrote:
> On May 28, 2010, at 1:34 PM, Johannes Berg wrote:
> > One thing I ask myself though is do we ever check that the frame is long
> > enough? In the patch below I will be checking the skb_copy_bits() return
> > value, but without that we don't, as far as I can tell?
>
> Good point.
>
> > + if (skb_copy_bits(skb, offsetof(struct ieee80211_bar, control),
> > + &bar_data, sizeof(bar_data)))
> > + return RX_DROP_MONITOR;
> > +
> > if (!rx->sta)
> > return RX_DROP_MONITOR;
>
> Maybe invert the order of these two exit conditions? Figure most CPUs
> will speculate anyway, but the second check seems a more efficient
> short-circuit.

Yeah, true. I think it probably makes more sense to just linearize
control frames like you did, and separately add a length check.

johannes
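
Review bot: In the added `skb_copy_bits()` call, the non-zero return value is the only thing that rejects a BAR frame too short to contain the bytes starting at `offsetof(struct ieee80211_bar, control)`, and nothing in the hunk says so. A one-line comment stating that this call doubles as the length check would help, because a later change that linearizes control frames and reads the field through a pointer would otherwise lose the bounds check without any visible diff in this condition. Moving `if (!rx->sta)` ahead of the copy, as raised in the thread, also avoids reading frame data for frames that are dropped regardless.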