If a rates information element is received that is larger than we will accept, simply...
authormentor <mentor@0192ed92-7a03-0410-a25b-9323aeb14dbd>
Thu, 11 Oct 2007 15:40:49 +0000 (15:40 +0000)
committermentor <mentor@0192ed92-7a03-0410-a25b-9323aeb14dbd>
Thu, 11 Oct 2007 15:40:49 +0000 (15:40 +0000)
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@2736 0192ed92-7a03-0410-a25b-9323aeb14dbd

net80211/_ieee80211.h
net80211/ieee80211_scan_ap.c
net80211/ieee80211_scan_sta.c

index 82d3dbb35b4b22703ea3adb037e12d8f9c86a906..dfa5fc210222250c65e5bd2428fc1cd1572e8643 100644 (file)
@@ -225,6 +225,8 @@ struct ieee80211_channel {
  */
 #define        IEEE80211_RATE_SIZE     8               /* 802.11 standard */
 #define        IEEE80211_RATE_MAXSIZE  15              /* max rates we'll handle */
+#define        IEEE80211_SANITISE_RATESIZE(_rsz) \
+       ((_rsz > IEEE80211_RATE_MAXSIZE) ? IEEE80211_RATE_MAXSIZE : _rsz)
 
 struct ieee80211_rateset {
        u_int8_t rs_nrates;
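Review bot: The new IEEE80211_SANITISE_RATESIZE macro does not parenthesize its argument or the whole conditional and evaluates `_rsz` twice; the callers in this commit pass `2 + sp->rates[1]`, which only happens to work because `+` binds tighter than `>`. Write it as `(((_rsz) > IEEE80211_RATE_MAXSIZE) ? IEEE80211_RATE_MAXSIZE : (_rsz))` and keep arguments side-effect-free. It would also help to state what the argument is, since the two callers added in this commit disagree (one passes a rate count, the other a header-inclusive IE length), e.g. `/* Clamp an over-the-air rate count to the IEEE80211_RATE_MAXSIZE entries se_rates can hold. */`.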
index c1a9df49fa63ba82e1779d4026719ca17d0ff6a5..8509c6387261e2bbd2f5f3d3190ccaa64e11aef2 100644 (file)
@@ -511,31 +511,30 @@ ap_add(struct ieee80211_scan_state *ss, const struct ieee80211_scanparams *sp,
        IEEE80211_ADDR_COPY(se->base.se_macaddr, macaddr);
        TAILQ_INSERT_TAIL(&as->as_entry, se, se_list);
        LIST_INSERT_HEAD(&as->as_hash[hash], se, se_hash);
+
 found:
        ise = &se->base;
-       /* XXX ap beaconing multiple ssid w/ same bssid */
-       if (sp->ssid[1] != 0 &&
-           ((subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) || ise->se_ssid[1] == 0))
-       {
+
+       /* XXX: AP beaconing multiple SSID w/ same BSSID */
+       if ((sp->ssid[1] != 0) &&
+           ((subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) || 
+            (ise->se_ssid[1] == 0)))
                memcpy(ise->se_ssid, sp->ssid, 2 + sp->ssid[1]);
-        }
-       KASSERT(sp->rates[1] <= IEEE80211_RATE_MAXSIZE,
-               ("rate set too large: %u", sp->rates[1]));
-       memcpy(ise->se_rates, sp->rates, 2 + sp->rates[1]);
+
+       memcpy(ise->se_rates, sp->rates, 
+               IEEE80211_SANITISE_RATESIZE(2 + sp->rates[1]));
        if (sp->xrates != NULL) {
-               /* XXX validate xrates[1] */
-               KASSERT(sp->xrates[1] <= IEEE80211_RATE_MAXSIZE,
-                       ("xrate set too large: %u", sp->xrates[1]));
-               memcpy(ise->se_xrates, sp->xrates, 2 + sp->xrates[1]);
+               memcpy(ise->se_xrates, sp->xrates, 
+                               IEEE80211_SANITISE_RATESIZE(2 + sp->xrates[1]));
        } else
                ise->se_xrates[1] = 0;
+
        IEEE80211_ADDR_COPY(ise->se_bssid, wh->i_addr3);
-       /*
-        * Record rssi data using extended precision LPF filter.
-        */
-       if (se->se_lastupdate == 0)             /* first sample */
+
+       /* Record RSSI data using extended precision LPF filter.*/
+       if (se->se_lastupdate == 0)                     /* First sample */
                se->se_avgrssi = RSSI_IN(rssi);
-       else                                    /* avg w/ previous samples */
+       else                                    /* Avg. w/ previous samples */
                RSSI_LPF(se->se_avgrssi, rssi);
        se->base.se_rssi = RSSI_GET(se->se_avgrssi);
        ise->se_rtsf = rtsf;
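Review bot: The clamp on the `memcpy(ise->se_rates, ...)` line is applied to `2 + sp->rates[1]`, the header-inclusive length, while the ieee80211_scan_sta.c side of this same commit clamps `sp->rates[1]` and then adds 2; the two copies therefore accept different maxima, and this one silently drops the last rates of a 14- or 15-entry set that IEEE80211_RATE_MAXSIZE says we handle. More importantly, the two header bytes are copied verbatim, so `ise->se_rates[1]` still carries the unsanitised on-air length and any later reader that walks `se_rates[1]` entries (not visible here) would read past the bytes actually stored; the removed KASSERT at least made that inconsistency visible in debug builds. I would use `2 + IEEE80211_SANITISE_RATESIZE(sp->rates[1])` as sta.c does and then store the clamped count back, `ise->se_rates[1] = IEEE80211_SANITISE_RATESIZE(sp->rates[1]);`, with the same treatment for `se_xrates`. The `memcpy(ise->se_ssid, ...)` a few lines above still trusts `sp->ssid[1]` unbounded; presumably the frame parser validates it, but that is worth confirming. ap_add's body begins before this hunk.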
index 76de10e3a010cdeca7c18d397c11d11cf37e76fa..c5e26df0f1c804741fbb7c5c2492d0fb0f82fff8 100644 (file)
@@ -247,22 +247,23 @@ sta_add(struct ieee80211_scan_state *ss, const struct ieee80211_scanparams *sp,
        IEEE80211_ADDR_COPY(se->base.se_macaddr, macaddr);
        TAILQ_INSERT_TAIL(&st->st_entry, se, se_list);
        LIST_INSERT_HEAD(&st->st_hash[hash], se, se_hash);
+
 found:
        ise = &se->base;
+
        /* XXX ap beaconing multiple ssid w/ same bssid */
        if (sp->ssid[1] != 0 &&
            (ISPROBE(subtype) || ise->se_ssid[1] == 0))
                memcpy(ise->se_ssid, sp->ssid, 2 + sp->ssid[1]);
-       KASSERT(sp->rates[1] <= IEEE80211_RATE_MAXSIZE,
-               ("rate set too large: %u", sp->rates[1]));
-       memcpy(ise->se_rates, sp->rates, 2 + sp->rates[1]);
+
+       memcpy(ise->se_rates, sp->rates, 
+                       2 + IEEE80211_SANITISE_RATESIZE(sp->rates[1]));
        if (sp->xrates != NULL) {
-               /* XXX validate xrates[1] */
-               KASSERT(sp->xrates[1] <= IEEE80211_RATE_MAXSIZE,
-                       ("xrate set too large: %u", sp->xrates[1]));
-               memcpy(ise->se_xrates, sp->xrates, 2 + sp->xrates[1]);
+               memcpy(ise->se_xrates, sp->xrates, 
+                               2 + IEEE80211_SANITISE_RATESIZE(sp->xrates[1]));
        } else
                ise->se_xrates[1] = 0;
+
        IEEE80211_ADDR_COPY(ise->se_bssid, wh->i_addr3);
        /*
         * Record rssi data using extended precision LPF filter.
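Review bot: Bounding the `memcpy(ise->se_rates, ...)` length stops the write from overrunning `se_rates`, but the first two bytes copied are the IE header, so `ise->se_rates[1]` still holds whatever length the peer advertised; anything downstream that iterates `se_rates[1]` rate bytes will read beyond the at most `2 + IEEE80211_RATE_MAXSIZE` bytes actually stored, so the overflow has moved from the write to the reads rather than been removed. The KASSERT that was dropped at least failed loudly on an oversized set in debug builds; now it is truncated silently with an inconsistent header. Store the clamped count back after each copy: `ise->se_rates[1] = IEEE80211_SANITISE_RATESIZE(sp->rates[1]);` and, in the xrates branch, `ise->se_xrates[1] = IEEE80211_SANITISE_RATESIZE(sp->xrates[1]);`. Note also that ieee80211_scan_ap.c in this same commit clamps `2 + sp->rates[1]` instead, so the two scan modules now accept different maxima. sta_add's body starts before and continues past this hunk.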