Source-Changes-HG archive
[src/trunk]: src/sys/net80211 Various fixes: style, remove tiring XXXs, and p...
details: https://anonhg.NetBSD.org/src/rev/df46a26460c4
branches: trunk
changeset: 358796:df46a26460c4
user: maxv <maxv%NetBSD.org@localhost>
date: Tue Jan 16 18:53:32 2018 +0000
description:
Various fixes: style, remove tiring XXXs, and prevent integer overflow in
ieee80211_setup_rates (normally it already can't happen, because I added a
length check on xrates in ieee80211_recv_mgmt_beacon).
diffstat:
sys/net80211/ieee80211_input.c | 26 ++++++++++++++++++--------
sys/net80211/ieee80211_node.c | 19 ++++++++++++-------
2 files changed, 30 insertions(+), 15 deletions(-)
diffs (194 lines):
diff -r 66d1f9e837d9 -r df46a26460c4 sys/net80211/ieee80211_input.c
--- a/sys/net80211/ieee80211_input.c Tue Jan 16 18:42:43 2018 +0000
+++ b/sys/net80211/ieee80211_input.c Tue Jan 16 18:53:32 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ieee80211_input.c,v 1.107 2018/01/16 18:42:43 maxv Exp $ */
+/* $NetBSD: ieee80211_input.c,v 1.108 2018/01/16 18:53:32 maxv Exp $ */
/*
* Copyright (c) 2001 Atsushi Onoe
@@ -37,7 +37,7 @@
__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_input.c,v 1.81 2005/08/10 16:22:29 sam Exp $");
#endif
#ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.107 2018/01/16 18:42:43 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.108 2018/01/16 18:53:32 maxv Exp $");
#endif
#ifdef _KERNEL_OPT
@@ -1038,22 +1038,28 @@
* Install received rate set information in the node's state block.
*/
int
-ieee80211_setup_rates(struct ieee80211_node *ni,
- const u_int8_t *rates, const u_int8_t *xrates, int flags)
+ieee80211_setup_rates(struct ieee80211_node *ni, const u_int8_t *rates,
+ const u_int8_t *xrates, int flags)
{
struct ieee80211com *ic = ni->ni_ic;
struct ieee80211_rateset *rs = &ni->ni_rates;
memset(rs, 0, sizeof(*rs));
+
rs->rs_nrates = rates[1];
memcpy(rs->rs_rates, rates + 2, rs->rs_nrates);
+
if (xrates != NULL) {
u_int8_t nxrates;
+ size_t totalrate;
+
/*
* Tack on 11g extended supported rate element.
*/
nxrates = xrates[1];
- if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) {
+ totalrate = (size_t)rs->rs_nrates + (size_t)nxrates;
+
+ if (totalrate > IEEE80211_RATE_MAXSIZE) {
IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]);
nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates;
IEEE80211_DPRINTF(ic, IEEE80211_MSG_XRATE,
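Review bot: The first copy, `memcpy(rs->rs_rates, rates + 2, rs->rs_nrates);`, still takes its length straight from `rates[1]` with no comparison against IEEE80211_RATE_MAXSIZE in this function, so the new `totalrate` check only covers the extended-rates path. If a caller passed an unvalidated rates element, that memcpy could write past rs_rates (presumably sized IEEE80211_RATE_MAXSIZE), and the clamp `nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates;` would wrap in the u_int8_t rather than shrink the second memcpy in the following hunk. The commit message suggests callers validate these lengths, but that is not visible here. I would make the function self-defending with `if (rs->rs_nrates > IEEE80211_RATE_MAXSIZE) rs->rs_nrates = IEEE80211_RATE_MAXSIZE;` before the first memcpy, or at least a KASSERT that documents the precondition. The function body continues past the end of this hunk.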
@@ -1063,9 +1069,11 @@
nxrates, xrates[1]);
ic->ic_stats.is_rx_rstoobig++;
}
+
memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates);
rs->rs_nrates += nxrates;
}
+
return ieee80211_fix_rate(ni, flags);
}
@@ -1869,11 +1877,14 @@
wh, "WME", "too short, len %u", len);
return -1;
}
+
qosinfo = frm[offsetof(struct ieee80211_wme_param, param_qosInfo)];
qosinfo &= WME_QOSINFO_COUNT;
+
/* XXX do proper check for wraparound */
if (qosinfo == wme->wme_wmeChanParams.cap_info)
return 0;
+
frm += offsetof(struct ieee80211_wme_param, params_acParams);
for (i = 0; i < WME_NUM_AC; i++) {
struct wmeParams *wmep =
@@ -1886,6 +1897,7 @@
wmep->wmep_txopLimit = LE_READ_2(frm+2);
frm += 4;
}
+
wme->wme_wmeChanParams.cap_info = qosinfo;
return 1;
#undef MS
@@ -2191,7 +2203,7 @@
* Count frame now that we know it's to be processed.
*/
if (subtype == IEEE80211_FC0_SUBTYPE_BEACON) {
- ic->ic_stats.is_rx_beacon++; /* XXX remove */
+ ic->ic_stats.is_rx_beacon++;
IEEE80211_NODE_STAT(ni, rx_beacons);
} else {
IEEE80211_NODE_STAT(ni, rx_proberesp);
@@ -2219,7 +2231,6 @@
else
ic->ic_flags &= ~IEEE80211_F_USEPROT;
ni->ni_erp = scan.sp_erp;
- /* XXX statistic */
}
if ((ni->ni_capinfo ^ scan.sp_capinfo) & IEEE80211_CAPINFO_SHORT_SLOTTIME) {
@@ -2237,7 +2248,6 @@
ic->ic_curmode == IEEE80211_MODE_11A ||
(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME));
ni->ni_capinfo = scan.sp_capinfo;
- /* XXX statistic */
}
if (scan.sp_wme != NULL && (ni->ni_flags & IEEE80211_NODE_QOS) &&
diff -r 66d1f9e837d9 -r df46a26460c4 sys/net80211/ieee80211_node.c
--- a/sys/net80211/ieee80211_node.c Tue Jan 16 18:42:43 2018 +0000
+++ b/sys/net80211/ieee80211_node.c Tue Jan 16 18:53:32 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ieee80211_node.c,v 1.73 2018/01/16 18:42:43 maxv Exp $ */
+/* $NetBSD: ieee80211_node.c,v 1.74 2018/01/16 18:53:32 maxv Exp $ */
/*-
* Copyright (c) 2001 Atsushi Onoe
* Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
@@ -36,7 +36,7 @@
__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_node.c,v 1.65 2005/08/13 17:50:21 sam Exp $");
#endif
#ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.73 2018/01/16 18:42:43 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.74 2018/01/16 18:53:32 maxv Exp $");
#endif
#ifdef _KERNEL_OPT
@@ -1235,9 +1235,8 @@
*/
void
ieee80211_add_scan(struct ieee80211com *ic,
- const struct ieee80211_scanparams *sp,
- const struct ieee80211_frame *wh,
- int subtype, int rssi, int rstamp)
+ const struct ieee80211_scanparams *sp, const struct ieee80211_frame *wh,
+ int subtype, int rssi, int rstamp)
{
#define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
struct ieee80211_node_table *nt = &ic->ic_scan;
@@ -1255,6 +1254,7 @@
return;
}
ieee80211_setup_node(nt, ni, wh->i_addr2);
+
/*
* XXX inherit from ic_bss.
*/
@@ -1265,17 +1265,19 @@
ni->ni_rsn = ic->ic_bss->ni_rsn;
newnode = 1;
}
+
#ifdef IEEE80211_DEBUG
if (ieee80211_msg_scan(ic) && (ic->ic_flags & IEEE80211_F_SCAN))
dump_probe_beacon(subtype, newnode, wh->i_addr2, sp);
#endif
+
/* XXX ap beaconing multiple ssid w/ same bssid */
- if (sp->sp_ssid[1] != 0 &&
- (ISPROBE(subtype) || ni->ni_esslen == 0)) {
+ if (sp->sp_ssid[1] != 0 && (ISPROBE(subtype) || ni->ni_esslen == 0)) {
ni->ni_esslen = sp->sp_ssid[1];
memset(ni->ni_essid, 0, sizeof(ni->ni_essid));
memcpy(ni->ni_essid, sp->sp_ssid + 2, sp->sp_ssid[1]);
}
+
ni->ni_scangen = ic->ic_scan.nt_scangen;
IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
ni->ni_rssi = rssi;
@@ -1287,6 +1289,7 @@
ni->ni_fhdwell = sp->sp_fhdwell;
ni->ni_fhindex = sp->sp_fhindex;
ni->ni_erp = sp->sp_erp;
+
if (sp->sp_tim != NULL) {
struct ieee80211_tim_ie *ie =
(struct ieee80211_tim_ie *)sp->sp_tim;
@@ -1294,6 +1297,7 @@
ni->ni_dtim_count = ie->tim_count;
ni->ni_dtim_period = ie->tim_period;
}
+
/*
* Record the byte offset from the mac header to
* the start of the TIM information element for
@@ -1301,6 +1305,7 @@
* processing of beacon frames.
*/
ni->ni_timoff = sp->sp_timoff;
+
/*
* Record optional information elements that might be
* used by applications or drivers.