Changeset 2348
- Timestamp:
- 05/18/07 06:58:44 (2 years ago)
- Files:
-
- trunk/net80211/ieee80211_input.c (modified) (3 diffs)
- trunk/net80211/ieee80211_node.c (modified) (2 diffs)
- trunk/net80211/ieee80211_scan.h (modified) (1 diff)
- trunk/net80211/ieee80211_var.h (modified) (1 diff)
- trunk/net80211/ieee80211_wireless.c (modified) (2 diffs)
trunk/net80211/ieee80211_input.c
r2339 r2348 2768 2768 return; 2769 2769 } 2770 2770 2771 /* IEEE802.11 does not specify the allowed range for 2772 * beacon interval. We discard any beacons with a 2773 * beacon interval outside of an arbitrary range in 2774 * order to protect against attack. 2775 */ 2776 if (!(IEEE80211_BINTVAL_MIN <= scan.bintval && 2777 scan.bintval <= IEEE80211_BINTVAL_MAX)) { 2778 IEEE80211_DISCARD(vap, IEEE80211_MSG_SCAN, 2779 wh, "beacon", "invalid beacon interval (%u)", 2780 scan.bintval); 2781 return; 2782 } 2783 2771 2784 /* 2772 2785 * Count frame now that we know it's to be processed. … … 2896 2909 memcpy(ni->ni_tstamp.data, scan.tstamp, 2897 2910 sizeof(ni->ni_tstamp)); 2898 ni->ni_intval = scan.bintval;2911 ni->ni_intval = IEEE80211_BINTVAL_SANITISE(scan.bintval); 2899 2912 ni->ni_capinfo = scan.capinfo; 2900 2913 ni->ni_chan = ic->ic_curchan; … … 3320 3333 ni->ni_rstamp = rstamp; 3321 3334 ni->ni_last_rx = jiffies; 3322 ni->ni_intval = bintval;3335 ni->ni_intval = IEEE80211_BINTVAL_SANITISE(bintval); 3323 3336 ni->ni_capinfo = capinfo; 3324 3337 ni->ni_chan = ic->ic_curchan; trunk/net80211/ieee80211_node.c
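Review bot: In trunk/net80211/ieee80211_input.c the new beacon check at 2776-2777 writes the range test out by hand, although this changeset adds `IEEE80211_BINTVAL_VALID` in ieee80211_var.h. Writing it as `if (!IEEE80211_BINTVAL_VALID(scan.bintval)) {` keeps a single definition of the accepted range. The comment says the discard protects "against attack" but does not say what an out-of-range interval would break, so a sentence naming the consumer of `ni_intval` that needs the bound would help later readers. At 3335 the origin of `bintval` is outside the hunk; it is worth confirming that it holds a beacon interval in TUs, because any value below `IEEE80211_BINTVAL_MIN` is silently replaced by the default there. The enclosing functions start and end outside the hunks.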
r2334 r2348 661 661 ni->ni_rstamp = se->se_rstamp; 662 662 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 663 ni->ni_intval = se->se_intval;663 ni->ni_intval = IEEE80211_BINTVAL_SANITISE(se->se_intval); 664 664 ni->ni_capinfo = se->se_capinfo; 665 665 ni->ni_chan = se->se_chan; … … 1216 1216 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1217 1217 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1218 ni->ni_intval = sp->bintval;1218 ni->ni_intval = IEEE80211_BINTVAL_SANITISE(sp->bintval); 1219 1219 ni->ni_capinfo = sp->capinfo; 1220 1220 ni->ni_chan = ic->ic_curchan; trunk/net80211/ieee80211_scan.h
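Review bot: In trunk/net80211/ieee80211_node.c both assignments (663 and 1218) replace an out-of-range interval with `IEEE80211_BINTVAL_DEFAULT` without leaving any trace. A scan entry or neighbour that advertised a malformed interval then looks the same as one that advertised the default. ieee80211_input.c logs the same condition through `IEEE80211_DISCARD`, so a debug message or statistics counter at these two sites would keep the condition visible to whoever investigates odd peers. At minimum add `/* out-of-range intervals fall back to IEEE80211_BINTVAL_DEFAULT */` above each assignment. Both enclosing functions start and end outside the hunks.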
r2030 r2348 131 131 u_int8_t fhindex; 132 132 u_int8_t erp; 133 u_int 8_t bintval;133 u_int16_t bintval; 134 134 u_int8_t timoff; 135 135 u_int8_t *tim; trunk/net80211/ieee80211_var.h
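Review bot: In trunk/net80211/ieee80211_scan.h, widening `bintval` to `u_int16_t` only helps if every later copy of the value is equally wide, and the declarations of `se_intval` and `ni_intval` are not part of this changeset. If either is still 8 bits, the value is truncated before `IEEE80211_BINTVAL_SANITISE` sees it and could fall inside the accepted range by accident, so those declarations should be checked with this change. The 16-bit member also sits between `u_int8_t` members, which presumably introduces padding; placing it beside the struct's other 16-bit fields would avoid that. The struct starts and ends outside the section.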
r2314 r2348 61 61 #define IEEE80211_DTIM_DEFAULT 1 /* default DTIM period */ 62 62 63 #define IEEE80211_BINTVAL_MAX 500 /* max beacon interval (TU's) */63 #define IEEE80211_BINTVAL_MAX 1000 /* max beacon interval (TU's) */ 64 64 #define IEEE80211_BINTVAL_MIN 25 /* min beacon interval (TU's) */ 65 65 #define IEEE80211_BINTVAL_DEFAULT 100 /* default beacon interval (TU's) */ 66 #define IEEE80211_BINTVAL_VALID(_bi) \ 67 ((IEEE80211_BINTVAL_MIN <= (_bi)) && \ 68 ((_bi) <= IEEE80211_BINTVAL_MAX)) 69 #define IEEE80211_BINTVAL_SANITISE(_bi) \ 70 (IEEE80211_BINTVAL_VALID(_bi) ? \ 71 (_bi) : IEEE80211_BINTVAL_DEFAULT) 66 72 67 73 #define IEEE80211_BGSCAN_INTVAL_MIN 15 /* min bg scan intvl (secs) */ trunk/net80211/ieee80211_wireless.c
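Review bot: In trunk/net80211/ieee80211_var.h, `IEEE80211_BINTVAL_VALID` expands `_bi` twice and `IEEE80211_BINTVAL_SANITISE` up to three times, so an argument with side effects, or one re-read from memory that can change between reads, is validated and used as different values. Every call site in this changeset passes a plain field or local, so nothing breaks today. A `static inline` function taking the value once would remove the hazard; otherwise add `/* NB: evaluates _bi more than once; pass only side-effect-free expressions */` above the macros. The change of `IEEE80211_BINTVAL_MAX` from 500 to 1000 doubles what is accepted from received frames and deserves a word in the comment on why 1000 was chosen.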
r2335 r2348 1274 1274 case IW_POWER_ALL_R: 1275 1275 case IW_POWER_ON: 1276 ic->ic_flags |= IEEE80211_F_PMGTON; 1277 1276 if (wrq->flags & IW_POWER_PERIOD) { 1277 if (IEEE80211_BINTVAL_VALID(wrq->value)) 1278 ic->ic_lintval = IEEE80211_MS_TO_TU(wrq->value); 1279 else 1280 return -EINVAL; 1281 } 1278 1282 if (wrq->flags & IW_POWER_TIMEOUT) 1279 1283 ic->ic_holdover = IEEE80211_MS_TO_TU(wrq->value); 1280 if (wrq->flags & IW_POWER_PERIOD)1281 ic->ic_lintval = IEEE80211_MS_TO_TU(wrq->value);1284 1285 ic->ic_flags |= IEEE80211_F_PMGTON; 1282 1286 break; 1283 1287 default: … … 2366 2370 vap->iv_opmode != IEEE80211_M_IBSS) 2367 2371 return -EINVAL; 2368 if (IEEE80211_BINTVAL_MIN <= value && 2369 value <= IEEE80211_BINTVAL_MAX) { 2372 if (IEEE80211_BINTVAL_VALID(value)) { 2370 2373 ic->ic_lintval = value; /* XXX multi-bss */ 2371 2374 retv = ENETRESET; /* requires restart */
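Review bot: In trunk/net80211/ieee80211_wireless.c the `IW_POWER_PERIOD` branch (1276-1281) range-checks `wrq->value` before the unit conversion, but `IEEE80211_BINTVAL_MIN`/`MAX` are defined in TUs and the stored value is `IEEE80211_MS_TO_TU(wrq->value)`. The number that lands in `ic->ic_lintval` is therefore not the number that was validated. Convert first and validate the result: `u_int32_t tu = IEEE80211_MS_TO_TU(wrq->value);` then `if (!IEEE80211_BINTVAL_VALID(tu)) return -EINVAL;` then `ic->ic_lintval = tu;`. The `IW_POWER_TIMEOUT` branch just below still stores a converted user-supplied value into `ic->ic_holdover` with no bound at all. The declared type of `wrq->value` is not visible here; if it is signed, a negative value should be rejected before conversion. The enclosing function continues outside the hunk.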
