diff options
| author | sam <sam@FreeBSD.org> | 2009-05-29 23:41:31 +0000 |
|---|---|---|
| committer | sam <sam@FreeBSD.org> | 2009-05-29 23:41:31 +0000 |
| commit | 36bf6c9b02de093f113d81dc2ba7c54d7ba93926 (patch) | |
| tree | 9787d1f6e3cc4539910d1507c1a24f4aee473ecf | |
| parent | a025c3b40e2c37699d82b576a11975bb3c4c06c3 (diff) | |
| download | FreeBSD-src-36bf6c9b02de093f113d81dc2ba7c54d7ba93926.zip FreeBSD-src-36bf6c9b02de093f113d81dc2ba7c54d7ba93926.tar.gz | |
validate tx rate(s) in the raw xmit path
Tested by: "Paul B. Mahol" <onemda@gmail.com> (rum, bwi)
| -rw-r--r-- | sys/dev/bwi/if_bwi.c | 17 | ||||
| -rw-r--r-- | sys/dev/iwn/if_iwn.c | 6 | ||||
| -rw-r--r-- | sys/dev/ral/rt2560.c | 6 | ||||
| -rw-r--r-- | sys/dev/usb/wlan/if_rum.c | 6 | ||||
| -rw-r--r-- | sys/dev/usb/wlan/if_ural.c | 6 |
5 files changed, 30 insertions, 11 deletions
diff --git a/sys/dev/bwi/if_bwi.c b/sys/dev/bwi/if_bwi.c index 48580a5..a7cc732 100644 --- a/sys/dev/bwi/if_bwi.c +++ b/sys/dev/bwi/if_bwi.c @@ -3126,6 +3126,7 @@ bwi_encap_raw(struct bwi_softc *sc, int idx, struct mbuf *m, { struct ifnet *ifp = sc->sc_ifp; struct ieee80211vap *vap = ni->ni_vap; + struct ieee80211com *ic = ni->ni_ic; struct bwi_ring_data *rd = &sc->sc_tx_rdata[BWI_TX_DATA_RING]; struct bwi_txbuf_data *tbd = &sc->sc_tx_bdata[BWI_TX_DATA_RING]; struct bwi_txbuf *tb = &tbd->tbd_buf[idx]; @@ -3152,8 +3153,20 @@ bwi_encap_raw(struct bwi_softc *sc, int idx, struct mbuf *m, * Find TX rate */ rate = params->ibp_rate0; - rate_fb = (params->ibp_try1 != 0) ? - params->ibp_rate1 : params->ibp_rate0; + if (!ieee80211_isratevalid(ic->ic_rt, rate)) { + /* XXX fall back to mcast/mgmt rate? */ + m_freem(m0); + return EINVAL; + } + if (params->ibp_try1 != 0) { + rate_fb = params->ibp_rate1; + if (!ieee80211_isratevalid(ic->ic_rt, rate_fb)) { + /* XXX fall back to rate0? */ + m_freem(m0); + return EINVAL; + } + } else + rate_fb = rate; tb->tb_rate[0] = rate; tb->tb_rate[1] = rate_fb; sc->sc_tx_rate = rate; diff --git a/sys/dev/iwn/if_iwn.c b/sys/dev/iwn/if_iwn.c index cc12828..b520d8d 100644 --- a/sys/dev/iwn/if_iwn.c +++ b/sys/dev/iwn/if_iwn.c @@ -2227,6 +2227,7 @@ iwn_tx_data_raw(struct iwn_softc *sc, struct mbuf *m0, const struct ieee80211_bpf_params *params) { struct ieee80211vap *vap = ni->ni_vap; + struct ieee80211com *ic = ni->ni_ic; struct iwn_tx_cmd *cmd; struct iwn_cmd_data *tx; struct ieee80211_frame *wh; @@ -2263,6 +2264,11 @@ iwn_tx_data_raw(struct iwn_softc *sc, struct mbuf *m0, /* pick a tx rate */ rate = params->ibp_rate0; + if (!ieee80211_isratevalid(ic->ic_rt, rate)) { + /* XXX fall back to mcast/mgmt rate? */ + m_freem(m0); + return EINVAL; + } if (ieee80211_radiotap_active_vap(vap)) { struct iwn_tx_radiotap_header *tap = &sc->sc_txtap; diff --git a/sys/dev/ral/rt2560.c b/sys/dev/ral/rt2560.c index 95c5ebd..7bb785c 100644 --- a/sys/dev/ral/rt2560.c +++ b/sys/dev/ral/rt2560.c @@ -1715,6 +1715,7 @@ rt2560_tx_raw(struct rt2560_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) { struct ieee80211vap *vap = ni->ni_vap; + struct ieee80211com *ic = ni->ni_ic; struct rt2560_tx_desc *desc; struct rt2560_tx_data *data; bus_dma_segment_t segs[RT2560_MAX_SCATTER]; @@ -1724,9 +1725,8 @@ rt2560_tx_raw(struct rt2560_softc *sc, struct mbuf *m0, desc = &sc->prioq.desc[sc->prioq.cur]; data = &sc->prioq.data[sc->prioq.cur]; - rate = params->ibp_rate0 & IEEE80211_RATE_VAL; - /* XXX validate */ - if (rate == 0) { + rate = params->ibp_rate0; + if (!ieee80211_isratevalid(ic->ic_rt, rate)) { /* XXX fall back to mcast/mgmt rate? */ m_freem(m0); return EINVAL; diff --git a/sys/dev/usb/wlan/if_rum.c b/sys/dev/usb/wlan/if_rum.c index bd4fe99..fe86ac7 100644 --- a/sys/dev/usb/wlan/if_rum.c +++ b/sys/dev/usb/wlan/if_rum.c @@ -1137,6 +1137,7 @@ static int rum_tx_raw(struct rum_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) { + struct ieee80211com *ic = ni->ni_ic; struct rum_tx_data *data; uint32_t flags; int rate, error; @@ -1144,9 +1145,8 @@ rum_tx_raw(struct rum_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, RUM_LOCK_ASSERT(sc, MA_OWNED); KASSERT(params != NULL, ("no raw xmit params")); - rate = params->ibp_rate0 & IEEE80211_RATE_VAL; - /* XXX validate */ - if (rate == 0) { + rate = params->ibp_rate0; + if (!ieee80211_isratevalid(ic->ic_rt, rate)) { m_freem(m0); return EINVAL; } diff --git a/sys/dev/usb/wlan/if_ural.c b/sys/dev/usb/wlan/if_ural.c index 922e6ed..83e279ce 100644 --- a/sys/dev/usb/wlan/if_ural.c +++ b/sys/dev/usb/wlan/if_ural.c @@ -1192,6 +1192,7 @@ static int ural_tx_raw(struct ural_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) { + struct ieee80211com *ic = ni->ni_ic; struct ural_tx_data *data; uint32_t flags; int error; @@ -1200,9 +1201,8 @@ ural_tx_raw(struct ural_softc *sc, struct mbuf *m0, struct ieee80211_node *ni, RAL_LOCK_ASSERT(sc, MA_OWNED); KASSERT(params != NULL, ("no raw xmit params")); - rate = params->ibp_rate0 & IEEE80211_RATE_VAL; - /* XXX validate */ - if (rate == 0) { + rate = params->ibp_rate0; + if (!ieee80211_isratevalid(ic->ic_rt, rate)) { m_freem(m0); return EINVAL; } |
