int
wprobe_add_frame(struct wprobe_iface *dev, const struct wprobe_wlan_hdr *hdr, void *data, int len)
{
+ struct wprobe_wlan_hdr *new_hdr;
struct wprobe_filter *f;
struct sk_buff *skb;
unsigned long flags;
if (len + skb->len > WPROBE_MAX_FRAME_SIZE)
len = WPROBE_MAX_FRAME_SIZE - skb->len;
- memcpy(skb_put(skb, f->hdrlen), hdr, sizeof(struct wprobe_wlan_hdr));
+ new_hdr = (struct wprobe_wlan_hdr *) skb_put(skb, f->hdrlen);
+ memcpy(new_hdr, hdr, sizeof(struct wprobe_wlan_hdr));
+ new_hdr->len = cpu_to_be16(new_hdr->len);
+
memcpy(skb_put(skb, len), data, len);
for(i = 0; i < f->n_groups; i++) {
hdr->name[31] = 0;
cur_is = be32_to_cpu(hdr->n_items);
+ hdr->n_items = cur_is;
is += cur_is;
for (j = 0; j < cur_is; j++) {
struct sock_filter *sf;
if (data > end)
goto overrun;
- if (hdr->n_items > 1024)
+ hdr->name[31] = 0;
+ n_items = be32_to_cpu(hdr->n_items);
+ hdr->n_items = n_items;
+
+ if (n_items > 1024)
goto overrun;
- hdr->name[31] = 0;
- hdr->n_items = n_items = be32_to_cpu(hdr->n_items);
sf = data;
if (n_items > 0) {
for (k = 0; k < n_items; k++) {
for (j = 0; j < g->n_items; j++) {
hdr = data;
f->items[cur_is++] = data;
- data += sizeof(*hdr) + be32_to_cpu(hdr->n_items) * sizeof(struct sock_filter);
+ data += sizeof(*hdr) + hdr->n_items * sizeof(struct sock_filter);
}
}
rcu_assign_pointer(dev->active_filter, f);