Don't try to interpret htprot data if the last beacon didn't
contain any such data. In other words, ensure we copied data
from the beacon to ni->ni_htop1 before using ni->ni_htop1.

Note that read and write of ni->ni_htop1 are not visible in
this diff's context, but happen close-by in surrounding lines.

Index: ieee80211_input.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
retrieving revision 1.152
diff -u -p -r1.152 ieee80211_input.c
--- ieee80211_input.c   25 Jan 2016 11:27:11 -0000      1.152
+++ ieee80211_input.c   25 Jan 2016 12:43:02 -0000
@@ -1579,8 +1579,8 @@ ieee80211_recv_probe_resp(struct ieee802
 
        if (htcaps)
                ieee80211_setup_htcaps(ni, htcaps + 2, htcaps[1]);
-       if (htop)
-               ieee80211_setup_htop(ni, htop + 2, htop[1]);
+       if (htop && !ieee80211_setup_htop(ni, htop + 2, htop[1]))
+               htop = NULL; /* invalid HTOP */
 
        /*
         * When operating in station mode, check for state updates
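Review bot: A malformed HT capabilities element still cannot be detected at this call site, because `ieee80211_setup_htcaps()` keeps its void return (see the unchanged prototype in ieee80211_node.h) while only the HT operation element gains a validity check. Both elements come from a received frame, and their length bytes `htcaps[1]` and `htop[1]` are chosen by the sender. Whether any later code reads the node's HT capability fields on the assumption that this frame refreshed them is not visible in this hunk, but if so the same stale-data concern would apply. Consider giving `ieee80211_setup_htcaps()` the same int return and clearing `htcaps` on failure, mirroring `htop = NULL; /* invalid HTOP */`.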
@@ -1603,7 +1603,7 @@ ieee80211_recv_probe_resp(struct ieee802
                                ic->ic_flags &= ~IEEE80211_F_USEPROT;
                        ic->ic_bss->ni_erp = erp;
                }
-               if (ic->ic_bss->ni_flags & IEEE80211_NODE_HT) {
+               if (htop && (ic->ic_bss->ni_flags & IEEE80211_NODE_HT)) {
                        enum ieee80211_htprot htprot_last, htprot;
                        htprot_last =
                            ((ic->ic_bss->ni_htop1 & IEEE80211_HTOP1_PROT_MASK)
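Review bot: The new `htop &&` guard reuses the element pointer as a flag meaning "ni_htop1 was refreshed from this frame", which is not obvious this far from the assignment `htop = NULL; /* invalid HTOP */`. A comment above the condition would make that explicit, for example `/* htop is NULL unless this frame carried a valid HT operation element */`. With the guard in place, a frame without a valid element leaves the current protection setting untouched; that appears to be the intent, and saying so keeps the check from being removed later. The statement that computes htprot_last continues past the end of this hunk.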
Index: ieee80211_node.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.97
diff -u -p -r1.97 ieee80211_node.c
--- ieee80211_node.c    7 Jan 2016 23:22:31 -0000       1.97
+++ ieee80211_node.c    25 Jan 2016 12:46:50 -0000
@@ -1308,12 +1308,12 @@ ieee80211_setup_htcaps(struct ieee80211_
 /*
  * Install received HT op information in the node's state block.
  */
-void
+int
 ieee80211_setup_htop(struct ieee80211_node *ni, const uint8_t *data,
     uint8_t len)
 {
        if (len != 22)
-               return;
+               return 0;
 
        ni->ni_primary_chan = data[0]; /* XXX corresponds to ni_chan */
 
@@ -1322,6 +1322,8 @@ ieee80211_setup_htop(struct ieee80211_no
        ni->ni_htop2 = (data[3] | (data[4] << 8));
 
        memcpy(ni->ni_basic_mcs, &data[6], sizeof(ni->ni_basic_mcs));
+
+       return 1;
 }
 
 /*
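Review bot: The int return added here is undocumented, since the block comment above ieee80211_setup_htop (in the previous hunk) still only says the function installs the information. It should state the contract, e.g. `Returns 1 if the element was installed, 0 if its length is invalid and ni is left unchanged.` Separately, the `memcpy` from `&data[6]` is bounded only by the `len != 22` check, so it stays within the element only while `sizeof(ni->ni_basic_mcs)` is at most 16. That field's declaration is not visible here, so a compile-time assertion or a comment like `/* len == 22 covers data[6..21]; ni_basic_mcs must not exceed 16 bytes */` would pin the assumption for data that arrives from the air.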
Index: ieee80211_node.h
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.h,v
retrieving revision 1.52
diff -u -p -r1.52 ieee80211_node.h
--- ieee80211_node.h    7 Jan 2016 23:22:31 -0000       1.52
+++ ieee80211_node.h    21 Jan 2016 01:53:03 -0000
@@ -353,7 +353,7 @@ extern      void ieee80211_clean_cached(struc
 extern void ieee80211_clean_nodes(struct ieee80211com *, int);
 void ieee80211_setup_htcaps(struct ieee80211_node *, const uint8_t *,
     uint8_t);
-void ieee80211_setup_htop(struct ieee80211_node *, const uint8_t *,
+int ieee80211_setup_htop(struct ieee80211_node *, const uint8_t *,
     uint8_t);
 extern int ieee80211_setup_rates(struct ieee80211com *,
            struct ieee80211_node *, const u_int8_t *, const u_int8_t *, int);
