From Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>:
Adrien Destugues has uploaded this change for review. (
https://review.haiku-os.org/c/haiku/+/5377 ;)
Change subject: usb_rndis: fix handling of multiple packets in one USB
transaction
......................................................................
usb_rndis: fix handling of multiple packets in one USB transaction
I got my pointer math wrong because some things in RNDIS use uint32 as
the base, but some things are in bytes. Most of the time this would result
in an offset past the end of the USB buffer, so it would just lead to
ignoring all but the first packet. But if the first packet was small enough,
it would point somewhere still in the buffer, and we would read the wrong
data.
Should fix #17775
---
M src/add-ons/kernel/drivers/network/ether/usb_rndis/RNDISDevice.cpp
1 file changed, 3 insertions(+), 1 deletion(-)
git pull ssh://git.haiku-os.org:22/haiku refs/changes/77/5377/1
diff --git a/src/add-ons/kernel/drivers/network/ether/usb_rndis/RNDISDevice.cpp
b/src/add-ons/kernel/drivers/network/ether/usb_rndis/RNDISDevice.cpp
index 1b17bef..c38e117 100644
--- a/src/add-ons/kernel/drivers/network/ether/usb_rndis/RNDISDevice.cpp
+++ b/src/add-ons/kernel/drivers/network/ether/usb_rndis/RNDISDevice.cpp
@@ -316,7 +316,9 @@
fReadHeader[1], fReadHeader[2], fReadHeader[3]);
// Advance to next packet
- fReadHeader += fReadHeader[1];
+ fReadHeader = (uint32*)((uint8*)fReadHeader + fReadHeader[1]);
+
+ // Are we past the end of the buffer? If so, prepare to receive another
one on the next read
if ((uint32)((uint8*)fReadHeader - fReadBuffer) >= fActualLengthRead)
fReadHeader = NULL;
--
To view, visit https://review.haiku-os.org/c/haiku/+/5377
To unsubscribe, or for help writing mail filters, visit
https://review.haiku-os.org/settings
Gerrit-Project: haiku
Gerrit-Branch: master
Gerrit-Change-Id: I32ec0081336b1f772d4dc3099a0ac2c691aa12f0
Gerrit-Change-Number: 5377
Gerrit-PatchSet: 1
Gerrit-Owner: Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>
Gerrit-MessageType: newchange
