CVSROOT: /cvs
Module name: src
Changes by: s...@cvs.openbsd.org 2021/11/22 03:47:55
Modified files:
sys/dev/pci : if_iwx.c
Log message:
In iwx(4), fix off-by-one errors during TID value bounds checks.
The TID is used as an array index and, according to the Linux driver,
must be smaller than IWX_MAX_TID_COUNT (8). The AP might request an Rx
aggregation session using TID 8. Our driver uses the TID as an index into
an array of IEEE80211_NUM_TID (16) elements, and hence would not crash.
However, the index is exposed to firmware which could potentially crash
or raise an assertion failure for values >= 8.
ok kettenis@
