CVS commit: src/sys/net80211

Thu, 18 Jan 2018 23:53:15 -0800 

Module Name:    src
Committed By:   maxv
Date:           Fri Jan 19 07:52:37 UTC 2018

Modified Files:
        src/sys/net80211: ieee80211_crypto.c

Log Message:
Style, and make sure that there is a header+trailer included in the
packet. The crypto functions can touch the trailer, but they don't check
whether it's there in the first place.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/sys/net80211/ieee80211_crypto.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/net80211/ieee80211_crypto.c
diff -u src/sys/net80211/ieee80211_crypto.c:1.20 src/sys/net80211/ieee80211_crypto.c:1.21
--- src/sys/net80211/ieee80211_crypto.c:1.20	Wed Jan 17 17:41:38 2018
+++ src/sys/net80211/ieee80211_crypto.c	Fri Jan 19 07:52:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ieee80211_crypto.c,v 1.20 2018/01/17 17:41:38 maxv Exp $	*/
+/*	$NetBSD: ieee80211_crypto.c,v 1.21 2018/01/19 07:52:37 maxv Exp $	*/
 
 /*
  * Copyright (c) 2001 Atsushi Onoe
@@ -37,7 +37,7 @@
 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $");
 #endif
 #ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.20 2018/01/17 17:41:38 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.21 2018/01/19 07:52:37 maxv Exp $");
 #endif
 
 #ifdef _KERNEL_OPT
@@ -48,7 +48,7 @@ __KERNEL_RCSID(0, "$NetBSD: ieee80211_cr
  * IEEE 802.11 generic crypto support.
  */
 #include <sys/param.h>
-#include <sys/mbuf.h>   
+#include <sys/mbuf.h>
 
 #include <sys/socket.h>
 #include <sys/sockio.h>
@@ -72,7 +72,7 @@ __KERNEL_RCSID(0, "$NetBSD: ieee80211_cr
 static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX];
 
 #ifdef INET
-#include <netinet/in.h> 
+#include <netinet/in.h>
 #include <net/if_ether.h>
 #endif
 
@@ -136,7 +136,7 @@ cipher_detach(struct ieee80211_key *key)
 	key->wk_cipher->ic_detach(key);
 }
 
-/* 
+/*
  * Wrappers for driver key management methods.
  */
 static __inline int
@@ -605,7 +605,12 @@ ieee80211_crypto_decap(struct ieee80211c
 	struct mbuf *m = *mp;
 	u_int8_t keyid;
 
-	/* NB: this minimum size data frame could be bigger */
+	KASSERT((m->m_flags & M_PKTHDR) != 0);
+
+	/*
+	 * This minimum size data frame could be bigger. It is re-checked
+	 * below.
+	 */
 	if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) {
 		IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY,
 			"%s: WEP data frame too short, len %u\n",
@@ -646,5 +651,16 @@ ieee80211_crypto_decap(struct ieee80211c
 		return NULL;
 	}
 
+	/*
+	 * Ensure there is a header+trailer included.
+	 */
+	if (m->m_pkthdr.len < hdrlen + cip->ic_header + cip->ic_trailer) {
+		IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY,
+			"%s: WEP data frame too short, len %u\n",
+			__func__, m->m_pkthdr.len);
+		ic->ic_stats.is_rx_tooshort++;
+		return NULL;
+	}
+
 	return (cip->ic_decap(k, m, hdrlen) ? k : NULL);
 }

Reply via email to