#1270: beacon_interval_range-fix.patch - madwifi.org - Trac

net80211/ieee80211_node.c

old	new
660	660	memcpy(ni->ni_essid, se->se_ssid + 2, ni->ni_esslen);
661	661	ni->ni_rstamp = se->se_rstamp;
662	662	ni->ni_tstamp.tsf = se->se_tstamp.tsf;
663		ni->ni_intval = ~~se->se_intval~~;
	663	ni->ni_intval = IEEE80211_BINTVAL_SANITISE(se->se_intval);
664	664	ni->ni_capinfo = se->se_capinfo;
665	665	ni->ni_chan = se->se_chan;
666	666	ni->ni_timoff = se->se_timoff;
…	…
1215	1215	memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]);
1216	1216	IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
1217	1217	memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp));
1218		ni->ni_intval = ~~sp->bintval~~;
	1218	ni->ni_intval = IEEE80211_BINTVAL_SANITISE(sp->bintval);
1219	1219	ni->ni_capinfo = sp->capinfo;
1220	1220	ni->ni_chan = ic->ic_curchan;
1221	1221	ni->ni_fhdwell = sp->fhdwell;

old	new
1273	1273	case IW_POWER_UNICAST_R:
1274	1274	case IW_POWER_ALL_R:
1275	1275	case IW_POWER_ON:
1276		ic->ic_flags \|= IEEE80211_F_PMGTON;
1277
	1276	if (wrq->flags & IW_POWER_PERIOD) {
	1277	if (IEEE80211_BINTVAL_VALID(wrq->value))
	1278	ic->ic_lintval = IEEE80211_MS_TO_TU(wrq->value);
	1279	else
	1280	return -EINVAL;
	1281	}
1278	1282	if (wrq->flags & IW_POWER_TIMEOUT)
1279	1283	ic->ic_holdover = IEEE80211_MS_TO_TU(wrq->value);
1280		~~if (wrq->flags & IW_POWER_PERIOD)~~
1281		~~ic->ic_lintval = IEEE80211_MS_TO_TU(wrq->value)~~;
	1284
	1285	ic->ic_flags \|= IEEE80211_F_PMGTON;
1282	1286	break;
1283	1287	default:
1284	1288	return -EINVAL;
…	…
2365	2369	if (vap->iv_opmode != IEEE80211_M_HOSTAP &&
2366	2370	vap->iv_opmode != IEEE80211_M_IBSS)
2367	2371	return -EINVAL;
2368		if (IEEE80211_BINTVAL_MIN <= value &&
2369		value <= IEEE80211_BINTVAL_MAX) {
	2372	if (IEEE80211_BINTVAL_VALID(value)) {
2370	2373	ic->ic_lintval = value; /* XXX multi-bss */
2371	2374	retv = ENETRESET; /* requires restart */
2372	2375	} else

old	new
2748	2748	vap->iv_stats.is_rx_chanmismatch++;
2749	2749	return;
2750	2750	}
2751
	2751
	2752	/* IEEE802.11 does not specify the allowed range for
	2753	* beacon interval. We discard any beacons with a
	2754	* beacon interval outside of an arbitrary range in
	2755	* order to protect against attack.
	2756	*/
	2757	if (!(IEEE80211_BINTVAL_MIN <= scan.bintval &&
	2758	scan.bintval <= IEEE80211_BINTVAL_MAX)) {
	2759	IEEE80211_DISCARD(vap, IEEE80211_MSG_SCAN,
	2760	wh, "beacon", "invalid beacon interval (%u)",
	2761	scan.bintval);
	2762	return;
	2763	}
	2764
2752	2765	/*
2753	2766	* Count frame now that we know it's to be processed.
2754	2767	*/
…	…
2876	2889	IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
2877	2890	memcpy(ni->ni_tstamp.data, scan.tstamp,
2878	2891	sizeof(ni->ni_tstamp));
2879		ni->ni_intval = ~~scan.bintval~~;
	2892	ni->ni_intval = IEEE80211_BINTVAL_SANITISE(scan.bintval);
2880	2893	ni->ni_capinfo = scan.capinfo;
2881	2894	ni->ni_chan = ic->ic_curchan;
2882	2895	ni->ni_fhdwell = scan.fhdwell;
…	…
3300	3313	ni->ni_rssi = rssi;
3301	3314	ni->ni_rstamp = rstamp;
3302	3315	ni->ni_last_rx = jiffies;
3303		ni->ni_intval = ~~bintval~~;
	3316	ni->ni_intval = IEEE80211_BINTVAL_SANITISE(bintval);
3304	3317	ni->ni_capinfo = capinfo;
3305	3318	ni->ni_chan = ic->ic_curchan;
3306	3319	ni->ni_fhdwell = vap->iv_bss->ni_fhdwell;

old	new
60	60	#define IEEE80211_DTIM_MIN 1 /* min DTIM period */
61	61	#define IEEE80211_DTIM_DEFAULT 1 /* default DTIM period */
62	62
63		#define IEEE80211_BINTVAL_MAX 500 /* max beacon interval (TU's) */
	63	#define IEEE80211_BINTVAL_MAX 1000 /* max beacon interval (TU's) */
64	64	#define IEEE80211_BINTVAL_MIN 25 /* min beacon interval (TU's) */
65	65	#define IEEE80211_BINTVAL_DEFAULT 100 /* default beacon interval (TU's) */
	66	#define IEEE80211_BINTVAL_VALID(_bi) \
	67	((IEEE80211_BINTVAL_MIN <= (_bi)) && \
	68	((_bi) <= IEEE80211_BINTVAL_MAX))
	69	#define IEEE80211_BINTVAL_SANITISE(_bi) \
	70	(IEEE80211_BINTVAL_VALID(_bi) ? \
	71	(_bi) : IEEE80211_BINTVAL_DEFAULT)
66	72
67	73	#define IEEE80211_BGSCAN_INTVAL_MIN 15 /* min bg scan intvl (secs) */
68	74	#define IEEE80211_BGSCAN_INTVAL_DEFAULT (560) / default bg scan intvl */