Navigation

← Previous Changeset
Next Changeset →

Changeset 2736

Timestamp:

10/11/07 17:40:49 (1 year ago)

Author:

mentor

Message:

If a rates information element is received that is larger than we will accept, simply take the first maximum size elements and continue, rather than BUG'ing out.

Files:

madwifi/trunk/net80211/_ieee80211.h (modified) (1 diff)
madwifi/trunk/net80211/ieee80211_scan_ap.c (modified) (1 diff)
madwifi/trunk/net80211/ieee80211_scan_sta.c (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

madwifi/trunk/net80211/_ieee80211.h

r2513	r2736
226	226	#define IEEE80211_RATE_SIZE 8 /* 802.11 standard */
227	227	#define IEEE80211_RATE_MAXSIZE 15 /* max rates we'll handle */
	228	#define IEEE80211_SANITISE_RATESIZE(_rsz) \
	229	((_rsz > IEEE80211_RATE_MAXSIZE) ? IEEE80211_RATE_MAXSIZE : _rsz)
228	230
229	231	struct ieee80211_rateset {

madwifi/trunk/net80211/ieee80211_scan_ap.c

r2731	r2736
512	512	TAILQ_INSERT_TAIL(&as->as_entry, se, se_list);
513	513	LIST_INSERT_HEAD(&as->as_hash[hash], se, se_hash);
	514
514	515	found:
515	516	ise = &se->base;
516		/* XXX ap beaconing multiple ssid w/ same bssid */
517		if (sp->ssid[1] != 0 &&
518		((subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) \|\| ise->se_ssid[1] == 0))
519		{
	517
	518	/* XXX: AP beaconing multiple SSID w/ same BSSID */
	519	if ((sp->ssid[1] != 0) &&
	520	((subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) \|\|
	521	(ise->se_ssid[1] == 0)))
520	522	memcpy(ise->se_ssid, sp->ssid, 2 + sp->ssid[1]);
521		}
522		KASSERT(sp->rates[1] <= IEEE80211_RATE_MAXSIZE,
523		("rate set too large: %u", sp->rates[1]));
524		memcpy(ise->se_rates, sp->rates, 2 + sp->rates[1]);
	523
	524	memcpy(ise->se_rates, sp->rates,
	525	IEEE80211_SANITISE_RATESIZE(2 + sp->rates[1]));
525	526	if (sp->xrates != NULL) {
526		/* XXX validate xrates[1] */
527		KASSERT(sp->xrates[1] <= IEEE80211_RATE_MAXSIZE,
528		("xrate set too large: %u", sp->xrates[1]));
529		memcpy(ise->se_xrates, sp->xrates, 2 + sp->xrates[1]);
	527	memcpy(ise->se_xrates, sp->xrates,
	528	IEEE80211_SANITISE_RATESIZE(2 + sp->xrates[1]));
530	529	} else
531	530	ise->se_xrates[1] = 0;
	531
532	532	IEEE80211_ADDR_COPY(ise->se_bssid, wh->i_addr3);
533		/*
534		* Record rssi data using extended precision LPF filter.
535		*/
536		if (se->se_lastupdate == 0) /* first sample */
	533
	534	/* Record RSSI data using extended precision LPF filter.*/
	535	if (se->se_lastupdate == 0) /* First sample */
537	536	se->se_avgrssi = RSSI_IN(rssi);
538		else /* ~~avg~~ w/ previous samples */
	537	else /* Avg. w/ previous samples */
539	538	RSSI_LPF(se->se_avgrssi, rssi);
540	539	se->base.se_rssi = RSSI_GET(se->se_avgrssi);

madwifi/trunk/net80211/ieee80211_scan_sta.c

r2648	r2736
248	248	TAILQ_INSERT_TAIL(&st->st_entry, se, se_list);
249	249	LIST_INSERT_HEAD(&st->st_hash[hash], se, se_hash);
	250
250	251	found:
251	252	ise = &se->base;
	253
252	254	/* XXX ap beaconing multiple ssid w/ same bssid */
253	255	if (sp->ssid[1] != 0 &&
254	256	(ISPROBE(subtype) \|\| ise->se_ssid[1] == 0))
255	257	memcpy(ise->se_ssid, sp->ssid, 2 + sp->ssid[1]);
256		KASSERT(sp->rates[1] <= IEEE80211_RATE_MAXSIZE,
257		~~("rate set too large: %u", sp->rates[1]));~~
258		~~memcpy(ise->se_rates, sp->rates, 2 + sp->rates[1]~~);
	258
	259	memcpy(ise->se_rates, sp->rates,
	260	2 + IEEE80211_SANITISE_RATESIZE(sp->rates[1]));
259	261	if (sp->xrates != NULL) {
260		/* XXX validate xrates[1] */
261		KASSERT(sp->xrates[1] <= IEEE80211_RATE_MAXSIZE,
262		("xrate set too large: %u", sp->xrates[1]));
263		memcpy(ise->se_xrates, sp->xrates, 2 + sp->xrates[1]);
	262	memcpy(ise->se_xrates, sp->xrates,
	263	2 + IEEE80211_SANITISE_RATESIZE(sp->xrates[1]));
264	264	} else
265	265	ise->se_xrates[1] = 0;
	266
266	267	IEEE80211_ADDR_COPY(ise->se_bssid, wh->i_addr3);
267	268	/*

Download in other formats:

Unified Diff