Stefan Sperling
2016-01-25 13:02:01 UTC
Don't try to interpret htprot data if the last beacon didn't
contain any such data. In other words, ensure we copied data
from the beacon to ni->ni_htop1 before using ni->ni_htop1.
Note that read and write of ni->ni_htop1 are not visible in
this diff's context, but happen close-by in surrounding lines.
Index: ieee80211_input.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
retrieving revision 1.152
diff -u -p -r1.152 ieee80211_input.c
--- ieee80211_input.c 25 Jan 2016 11:27:11 -0000 1.152
+++ ieee80211_input.c 25 Jan 2016 12:43:02 -0000
@@ -1579,8 +1579,8 @@ ieee80211_recv_probe_resp(struct ieee802
if (htcaps)
ieee80211_setup_htcaps(ni, htcaps + 2, htcaps[1]);
- if (htop)
- ieee80211_setup_htop(ni, htop + 2, htop[1]);
+ if (htop && !ieee80211_setup_htop(ni, htop + 2, htop[1]))
+ htop = NULL; /* invalid HTOP */
/*
* When operating in station mode, check for state updates
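Review bot: The HT capabilities call on the line just above, `ieee80211_setup_htcaps(ni, htcaps + 2, htcaps[1]);`, still discards any indication of whether the element was accepted, so a beacon with a malformed htcaps element is treated differently from one with a malformed htop element. If `ieee80211_setup_htcaps` also returns early on a bad length (its body is not visible here), it would be worth giving it the same `int` return and clearing `htcaps` on failure. Both calls take `htcaps[1]` / `htop[1]` straight from the received frame as the length; the check that each element lies inside the frame happens outside this hunk and should be confirmed. `ieee80211_recv_probe_resp` starts and ends outside the hunk.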
@@ -1603,7 +1603,7 @@ ieee80211_recv_probe_resp(struct ieee802
ic->ic_flags &= ~IEEE80211_F_USEPROT;
ic->ic_bss->ni_erp = erp;
}
- if (ic->ic_bss->ni_flags & IEEE80211_NODE_HT) {
+ if (htop && (ic->ic_bss->ni_flags & IEEE80211_NODE_HT)) {
enum ieee80211_htprot htprot_last, htprot;
htprot_last =
((ic->ic_bss->ni_htop1 & IEEE80211_HTOP1_PROT_MASK)
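Review bot: The new `htop &&` guard relies on `htop` having been reset to NULL roughly twenty lines earlier, and nothing at this site says so. A short comment above the condition would keep a later edit from dropping the test, for example `/* htop is non-NULL only if this frame carried a valid HT Operation element */`. The block reads `ic->ic_bss->ni_htop1` while the earlier call wrote through `ni`; whether both refer to the same node on this path is not visible in the context and is worth stating in the same comment. The block continues past the end of the hunk.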
Index: ieee80211_node.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.97
diff -u -p -r1.97 ieee80211_node.c
--- ieee80211_node.c 7 Jan 2016 23:22:31 -0000 1.97
+++ ieee80211_node.c 25 Jan 2016 12:46:50 -0000
@@ -1308,12 +1308,12 @@ ieee80211_setup_htcaps(struct ieee80211_
/*
* Install received HT op information in the node's state block.
*/
-void
+int
ieee80211_setup_htop(struct ieee80211_node *ni, const uint8_t *data,
uint8_t len)
{
if (len != 22)
- return;
+ return 0;
ni->ni_primary_chan = data[0]; /* XXX corresponds to ni_chan */
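Review bot: The comment above `ieee80211_setup_htop` does not describe the new return value, which callers now depend on to decide whether the node's HT operation fields are trustworthy. I would extend it with a line such as `Returns 1 if the element was installed, 0 if it was rejected because of its length.` The bare `22` in `if (len != 22)` would also read better as a named constant for the HT Operation element body length, since it is the only bound on the `data[]` reads that follow. The function body continues outside this hunk.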
@@ -1322,6 +1322,8 @@ ieee80211_setup_htop(struct ieee80211_no
ni->ni_htop2 = (data[3] | (data[4] << 8));
memcpy(ni->ni_basic_mcs, &data[6], sizeof(ni->ni_basic_mcs));
+
+ return 1;
}
/*
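Review bot: The `memcpy` into `ni->ni_basic_mcs` reads `sizeof(ni->ni_basic_mcs)` bytes starting at `&data[6]`, and the only thing bounding that read is the `len != 22` test in the previous hunk. That is safe only while the array is at most 16 bytes; its declaration is not visible here. A compile-time assertion next to the copy, or at least a comment such as `/* len == 22 guarantees data[6..21] is present */`, would tie the two together so that a later change to either one does not turn this into an over-read of received frame data. The function starts outside this hunk.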
Index: ieee80211_node.h
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.h,v
retrieving revision 1.52
diff -u -p -r1.52 ieee80211_node.h
--- ieee80211_node.h 7 Jan 2016 23:22:31 -0000 1.52
+++ ieee80211_node.h 21 Jan 2016 01:53:03 -0000
@@ -353,7 +353,7 @@ extern void ieee80211_clean_cached(struc
extern void ieee80211_clean_nodes(struct ieee80211com *, int);
void ieee80211_setup_htcaps(struct ieee80211_node *, const uint8_t *,
uint8_t);
-void ieee80211_setup_htop(struct ieee80211_node *, const uint8_t *,
+int ieee80211_setup_htop(struct ieee80211_node *, const uint8_t *,
uint8_t);
extern int ieee80211_setup_rates(struct ieee80211com *,
struct ieee80211_node *, const u_int8_t *, const u_int8_t *, int);
contain any such data. In other words, ensure we copied data
from the beacon to ni->ni_htop1 before using ni->ni_htop1.
Note that read and write of ni->ni_htop1 are not visible in
this diff's context, but happen close-by in surrounding lines.
Index: ieee80211_input.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
retrieving revision 1.152
diff -u -p -r1.152 ieee80211_input.c
--- ieee80211_input.c 25 Jan 2016 11:27:11 -0000 1.152
+++ ieee80211_input.c 25 Jan 2016 12:43:02 -0000
@@ -1579,8 +1579,8 @@ ieee80211_recv_probe_resp(struct ieee802
if (htcaps)
ieee80211_setup_htcaps(ni, htcaps + 2, htcaps[1]);
- if (htop)
- ieee80211_setup_htop(ni, htop + 2, htop[1]);
+ if (htop && !ieee80211_setup_htop(ni, htop + 2, htop[1]))
+ htop = NULL; /* invalid HTOP */
/*
* When operating in station mode, check for state updates
@@ -1603,7 +1603,7 @@ ieee80211_recv_probe_resp(struct ieee802
ic->ic_flags &= ~IEEE80211_F_USEPROT;
ic->ic_bss->ni_erp = erp;
}
- if (ic->ic_bss->ni_flags & IEEE80211_NODE_HT) {
+ if (htop && (ic->ic_bss->ni_flags & IEEE80211_NODE_HT)) {
enum ieee80211_htprot htprot_last, htprot;
htprot_last =
((ic->ic_bss->ni_htop1 & IEEE80211_HTOP1_PROT_MASK)
Index: ieee80211_node.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.97
diff -u -p -r1.97 ieee80211_node.c
--- ieee80211_node.c 7 Jan 2016 23:22:31 -0000 1.97
+++ ieee80211_node.c 25 Jan 2016 12:46:50 -0000
@@ -1308,12 +1308,12 @@ ieee80211_setup_htcaps(struct ieee80211_
/*
* Install received HT op information in the node's state block.
*/
-void
+int
ieee80211_setup_htop(struct ieee80211_node *ni, const uint8_t *data,
uint8_t len)
{
if (len != 22)
- return;
+ return 0;
ni->ni_primary_chan = data[0]; /* XXX corresponds to ni_chan */
@@ -1322,6 +1322,8 @@ ieee80211_setup_htop(struct ieee80211_no
ni->ni_htop2 = (data[3] | (data[4] << 8));
memcpy(ni->ni_basic_mcs, &data[6], sizeof(ni->ni_basic_mcs));
+
+ return 1;
}
/*
Index: ieee80211_node.h
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.h,v
retrieving revision 1.52
diff -u -p -r1.52 ieee80211_node.h
--- ieee80211_node.h 7 Jan 2016 23:22:31 -0000 1.52
+++ ieee80211_node.h 21 Jan 2016 01:53:03 -0000
@@ -353,7 +353,7 @@ extern void ieee80211_clean_cached(struc
extern void ieee80211_clean_nodes(struct ieee80211com *, int);
void ieee80211_setup_htcaps(struct ieee80211_node *, const uint8_t *,
uint8_t);
-void ieee80211_setup_htop(struct ieee80211_node *, const uint8_t *,
+int ieee80211_setup_htop(struct ieee80211_node *, const uint8_t *,
uint8_t);
extern int ieee80211_setup_rates(struct ieee80211com *,
struct ieee80211_node *, const u_int8_t *, const u_int8_t *, int);