author | sam <sam@FreeBSD.org> | 2005-08-08 03:30:57 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2005-08-08 03:30:57 +0000 |
commit | a71123cebfbc9af46b53dec14375534ae5c7076e (patch) | |
tree | b61ffe07bac4a6b4eaff6820d88a3707be5fc831 /sys/net80211/ieee80211_input.c | |
parent | 3060bdb6720112effa149af05f489daf4dc779ff (diff) | |
download | FreeBSD-src-a71123cebfbc9af46b53dec14375534ae5c7076e.zip FreeBSD-src-a71123cebfbc9af46b53dec14375534ae5c7076e.tar.gz |
Cleanup beacon/listen interval handling:
o separate configured beacon interval from listen interval; this
avoids potential use of one value for the other (e.g. setting
powersavesleep to 0 clobbers the beacon interval used in hostap
or ibss mode)
o bounds check the beacon interval received in probe response and
beacon frames and drop frames with bogus settings; not clear
if we should instead clamp the value as any alteration would
result in mismatched sta+ap configuration and probably be more
confusing (don't want to log to the console but perhaps ok with
rate limiting)
o while here up max beacon interval to reflect WiFi standard
Noticed by: Martin <nakal@nurfuerspam.de>
MFC after: 1 week
Diffstat (limited to 'sys/net80211/ieee80211_input.c')
-rw-r--r-- | sys/net80211/ieee80211_input.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c
index 808479d..8a6a499 100644
--- a/sys/net80211/ieee80211_input.c
+++ b/sys/net80211/ieee80211_input.c
@@ -1901,6 +1901,16 @@ ieee80211_recv_mgmt(struct ieee80211com *ic, struct mbuf *m0,
 ic->ic_stats.is_rx_chanmismatch++;
 return;
 }
+ if (!(IEEE80211_BINTVAL_MIN <= bintval &&
+ bintval <= IEEE80211_BINTVAL_MAX)) {
+ IEEE80211_DISCARD(ic,
+ IEEE80211_MSG_ELEMID | IEEE80211_MSG_INPUT,
+ wh, ieee80211_mgt_subtype_name[subtype >>
+ IEEE80211_FC0_SUBTYPE_SHIFT],
+ "bogus beacon interval", bintval);
+ ic->ic_stats.is_rx_badbintval++;
+ return;
+ }
 /*
 * Count frame now that we know it's to be processed.
@@ -2201,7 +2211,7 @@ ieee80211_recv_mgmt(struct ieee80211com *ic, struct mbuf *m0,
 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: {
- u_int16_t capinfo, bintval;
+ u_int16_t capinfo, lintval;
 struct ieee80211_rsnparms rsn;
 u_int8_t reason;
@@ -2238,7 +2248,7 @@ ieee80211_recv_mgmt(struct ieee80211com *ic, struct mbuf *m0,
 return;
 }
 capinfo = le16toh(*(u_int16_t *)frm); frm += 2;
- bintval = le16toh(*(u_int16_t *)frm); frm += 2;
+ lintval = le16toh(*(u_int16_t *)frm); frm += 2;
 if (reassoc)
 frm += 6; /* ignore current AP info */
 ssid = rates = xrates = wpa = wme = NULL;
@@ -2366,7 +2376,7 @@ ieee80211_recv_mgmt(struct ieee80211com *ic, struct mbuf *m0,
 }
 ni->ni_rssi = rssi;
 ni->ni_rstamp = rstamp;
- ni->ni_intval = bintval;
+ ni->ni_intval = lintval;
 ni->ni_capinfo = capinfo;
 ni->ni_chan = ic->ic_bss->ni_chan;
 ni->ni_fhdwell = ic->ic_bss->ni_fhdwell; |
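Review bot: In the new bounds check of the first hunk, the IEEE80211_DISCARD call passes `bintval` after the format string `"bogus beacon interval"`, but that string contains no conversion, so (assuming the macro is printf-style, as the trailing argument suggests) the rejected value never reaches the debug log. Having the value in the message is what lets an operator tell a misconfigured AP from a malformed or hostile frame once is_rx_badbintval starts climbing. Something like `"bogus beacon interval (%u)", bintval);` would do it, with the specifier matched to bintval's declared type, which is outside this hunk. ieee80211_recv_mgmt begins and ends outside the hunk.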