Module Name: src Committed By: maxv Date: Tue Jan 16 18:53:32 UTC 2018
Modified Files: src/sys/net80211: ieee80211_input.c ieee80211_node.c Log Message: Various fixes: style, remove tiring XXXs, and prevent integer overflow in ieee80211_setup_rates (normally it already can't happen, because I added a length check on xrates in ieee80211_recv_mgmt_beacon). To generate a diff of this commit: cvs rdiff -u -r1.107 -r1.108 src/sys/net80211/ieee80211_input.c cvs rdiff -u -r1.73 -r1.74 src/sys/net80211/ieee80211_node.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net80211/ieee80211_input.c diff -u src/sys/net80211/ieee80211_input.c:1.107 src/sys/net80211/ieee80211_input.c:1.108 --- src/sys/net80211/ieee80211_input.c:1.107 Tue Jan 16 18:42:43 2018 +++ src/sys/net80211/ieee80211_input.c Tue Jan 16 18:53:32 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ieee80211_input.c,v 1.107 2018/01/16 18:42:43 maxv Exp $ */ +/* $NetBSD: ieee80211_input.c,v 1.108 2018/01/16 18:53:32 maxv Exp $ */ /* * Copyright (c) 2001 Atsushi Onoe @@ -37,7 +37,7 @@ __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_input.c,v 1.81 2005/08/10 16:22:29 sam Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.107 2018/01/16 18:42:43 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.108 2018/01/16 18:53:32 maxv Exp $"); #endif #ifdef _KERNEL_OPT @@ -1038,22 +1038,28 @@ ieee80211_decap(struct ieee80211com *ic, * Install received rate set information in the node's state block. */ int -ieee80211_setup_rates(struct ieee80211_node *ni, - const u_int8_t *rates, const u_int8_t *xrates, int flags) +ieee80211_setup_rates(struct ieee80211_node *ni, const u_int8_t *rates, + const u_int8_t *xrates, int flags) { struct ieee80211com *ic = ni->ni_ic; struct ieee80211_rateset *rs = &ni->ni_rates; memset(rs, 0, sizeof(*rs)); + rs->rs_nrates = rates[1]; memcpy(rs->rs_rates, rates + 2, rs->rs_nrates); + if (xrates != NULL) { u_int8_t nxrates; + size_t totalrate; + /* * Tack on 11g extended supported rate element. */ nxrates = xrates[1]; - if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) { + totalrate = (size_t)rs->rs_nrates + (size_t)nxrates; + + if (totalrate > IEEE80211_RATE_MAXSIZE) { IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates; IEEE80211_DPRINTF(ic, IEEE80211_MSG_XRATE, 
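Review bot: The overflow fix is incomplete because ieee80211_setup_rates still trusts `rates[1]`: `rs->rs_nrates = rates[1];` followed by `memcpy(rs->rs_rates, rates + 2, rs->rs_nrates);` copies a frame-supplied IE length with no bound, and the new `totalrate` comparison only widens the addition, so if `rs_nrates` already exceeds IEEE80211_RATE_MAXSIZE the first memcpy overruns `ni_rates` (assuming `rs_rates` is IEEE80211_RATE_MAXSIZE bytes, as the comparison suggests) and `nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates;` goes negative and wraps in the u_int8_t `nxrates`, so the second memcpy overruns too. The log says the beacon path now length-checks xrates, but nothing in this hunk bounds `rates`, and whether every caller of this shared helper verifies the element first is not visible from here; a clamp before the first memcpy, `if (rs->rs_nrates > IEEE80211_RATE_MAXSIZE) { ic->ic_stats.is_rx_rstoobig++; rs->rs_nrates = IEEE80211_RATE_MAXSIZE; }`, mirroring what is already done for xrates, would make the function safe on its own. ieee80211_setup_rates continues past the end of the hunk.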
@@ -1063,9 +1069,11 @@ ieee80211_setup_rates(struct ieee80211_n nxrates, xrates[1]); ic->ic_stats.is_rx_rstoobig++; } + memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates); rs->rs_nrates += nxrates; } + return ieee80211_fix_rate(ni, flags); } @@ -1869,11 +1877,14 @@ ieee80211_parse_wmeparams(struct ieee802 wh, "WME", "too short, len %u", len); return -1; } + qosinfo = frm[offsetof(struct ieee80211_wme_param, param_qosInfo)]; qosinfo &= WME_QOSINFO_COUNT; + /* XXX do proper check for wraparound */ if (qosinfo == wme->wme_wmeChanParams.cap_info) return 0; + frm += offsetof(struct ieee80211_wme_param, params_acParams); for (i = 0; i < WME_NUM_AC; i++) { struct wmeParams *wmep = @@ -1886,6 +1897,7 @@ ieee80211_parse_wmeparams(struct ieee802 wmep->wmep_txopLimit = LE_READ_2(frm+2); frm += 4; } + wme->wme_wmeChanParams.cap_info = qosinfo; return 1; #undef MS @@ -2191,7 +2203,7 @@ ieee80211_recv_mgmt_beacon(struct ieee80 * Count frame now that we know it's to be processed. */ if (subtype == IEEE80211_FC0_SUBTYPE_BEACON) { - ic->ic_stats.is_rx_beacon++; /* XXX remove */ + ic->ic_stats.is_rx_beacon++; IEEE80211_NODE_STAT(ni, rx_beacons); } else { IEEE80211_NODE_STAT(ni, rx_proberesp); @@ -2219,7 +2231,6 @@ ieee80211_recv_mgmt_beacon(struct ieee80 else ic->ic_flags &= ~IEEE80211_F_USEPROT; ni->ni_erp = scan.sp_erp; - /* XXX statistic */ } if ((ni->ni_capinfo ^ scan.sp_capinfo) & IEEE80211_CAPINFO_SHORT_SLOTTIME) { @@ -2237,7 +2248,6 @@ ieee80211_recv_mgmt_beacon(struct ieee80 ic->ic_curmode == IEEE80211_MODE_11A || (ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)); ni->ni_capinfo = scan.sp_capinfo; - /* XXX statistic */ } if (scan.sp_wme != NULL && (ni->ni_flags & IEEE80211_NODE_QOS) && Index: src/sys/net80211/ieee80211_node.c diff -u src/sys/net80211/ieee80211_node.c:1.73 src/sys/net80211/ieee80211_node.c:1.74 --- src/sys/net80211/ieee80211_node.c:1.73 Tue Jan 16 18:42:43 2018 +++ src/sys/net80211/ieee80211_node.c Tue Jan 16 18:53:32 2018 
@@ -1,4 +1,4 @@ -/* $NetBSD: ieee80211_node.c,v 1.73 2018/01/16 18:42:43 maxv Exp $ */ +/* $NetBSD: ieee80211_node.c,v 1.74 2018/01/16 18:53:32 maxv Exp $ */ /*- * Copyright (c) 2001 Atsushi Onoe * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting @@ -36,7 +36,7 @@ __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_node.c,v 1.65 2005/08/13 17:50:21 sam Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.73 2018/01/16 18:42:43 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.74 2018/01/16 18:53:32 maxv Exp $"); #endif #ifdef _KERNEL_OPT @@ -1235,9 +1235,8 @@ saveie(u_int8_t **iep, const u_int8_t *i */ void ieee80211_add_scan(struct ieee80211com *ic, - const struct ieee80211_scanparams *sp, - const struct ieee80211_frame *wh, - int subtype, int rssi, int rstamp) + const struct ieee80211_scanparams *sp, const struct ieee80211_frame *wh, + int subtype, int rssi, int rstamp) { #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP) struct ieee80211_node_table *nt = &ic->ic_scan; @@ -1255,6 +1254,7 @@ ieee80211_add_scan(struct ieee80211com * return; } ieee80211_setup_node(nt, ni, wh->i_addr2); + /* * XXX inherit from ic_bss. */ @@ -1265,17 +1265,19 @@ ieee80211_add_scan(struct ieee80211com * ni->ni_rsn = ic->ic_bss->ni_rsn; newnode = 1; } + #ifdef IEEE80211_DEBUG if (ieee80211_msg_scan(ic) && (ic->ic_flags & IEEE80211_F_SCAN)) dump_probe_beacon(subtype, newnode, wh->i_addr2, sp); #endif + /* XXX ap beaconing multiple ssid w/ same bssid */ - if (sp->sp_ssid[1] != 0 && - (ISPROBE(subtype) || ni->ni_esslen == 0)) { + if (sp->sp_ssid[1] != 0 && (ISPROBE(subtype) || ni->ni_esslen == 0)) { ni->ni_esslen = sp->sp_ssid[1]; memset(ni->ni_essid, 0, sizeof(ni->ni_essid)); memcpy(ni->ni_essid, sp->sp_ssid + 2, sp->sp_ssid[1]); } + ni->ni_scangen = ic->ic_scan.nt_scangen; IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); ni->ni_rssi = rssi; 
@@ -1287,6 +1289,7 @@ ieee80211_add_scan(struct ieee80211com * ni->ni_fhdwell = sp->sp_fhdwell; ni->ni_fhindex = sp->sp_fhindex; ni->ni_erp = sp->sp_erp; + if (sp->sp_tim != NULL) { struct ieee80211_tim_ie *ie = (struct ieee80211_tim_ie *)sp->sp_tim; @@ -1294,6 +1297,7 @@ ieee80211_add_scan(struct ieee80211com * ni->ni_dtim_count = ie->tim_count; ni->ni_dtim_period = ie->tim_period; } + /* * Record the byte offset from the mac header to * the start of the TIM information element for @@ -1301,6 +1305,7 @@ ieee80211_add_scan(struct ieee80211com * * processing of beacon frames. */ ni->ni_timoff = sp->sp_timoff; + /* * Record optional information elements that might be * used by applications or drivers.