diff options
author | sam <sam@FreeBSD.org> | 2009-01-27 23:42:14 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2009-01-27 23:42:14 +0000 |
commit | da982ab4bb3c46e8f7b79505af22ab81c14111a1 (patch) | |
tree | 1b17c29fdd54d05da1600cf8e10ab2600e8205fe /sys/net80211 | |
parent | b9b96b31bdf0b1f51b5f5c6a85490deee9187597 (diff) | |
download | FreeBSD-src-da982ab4bb3c46e8f7b79505af22ab81c14111a1.zip FreeBSD-src-da982ab4bb3c46e8f7b79505af22ab81c14111a1.tar.gz |
Remove assumptions about the max # channels in ioctl's:
o change ioctl's that pass channel lists in/out to handle variable-size
arrays instead of a fixed (compile-time) value; we do this in a way
that maintains binary compatibility
o change ifconfig so all channel list data structures are now allocated
to hold MAXCHAN entries (1536); this, for example, allows the kernel
to return > IEEE80211_CHAN_MAX entries for calls like IEEE80211_IOC_DEVCAPS
Diffstat (limited to 'sys/net80211')
-rw-r--r-- | sys/net80211/ieee80211_ioctl.c | 76 | ||||
-rw-r--r-- | sys/net80211/ieee80211_ioctl.h | 27 |
2 files changed, 73 insertions, 30 deletions
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c index f8bd234..6450988 100644 --- a/sys/net80211/ieee80211_ioctl.c +++ b/sys/net80211/ieee80211_ioctl.c @@ -696,21 +696,27 @@ ieee80211_ioctl_getdevcaps(struct ieee80211com *ic, { struct ieee80211_devcaps_req *dc; struct ieee80211req_chaninfo *ci; - int error; + int maxchans, error; - if (ireq->i_len != sizeof(struct ieee80211_devcaps_req)) + maxchans = 1 + ((ireq->i_len - sizeof(struct ieee80211_devcaps_req)) / + sizeof(struct ieee80211_channel)); + /* NB: require 1 so we know ic_nchans is accessible */ + if (maxchans < 1) return EINVAL; - dc = (struct ieee80211_devcaps_req *) malloc( - sizeof(struct ieee80211_devcaps_req), M_TEMP, M_NOWAIT | M_ZERO); + /* constrain max request size, 2K channels is ~24Kbytes */ + if (maxchans > 2048) + maxchans = 2048; + dc = (struct ieee80211_devcaps_req *) + malloc(IEEE80211_DEVCAPS_SIZE(maxchans), M_TEMP, M_NOWAIT | M_ZERO); if (dc == NULL) return ENOMEM; dc->dc_drivercaps = ic->ic_caps; dc->dc_cryptocaps = ic->ic_cryptocaps; dc->dc_htcaps = ic->ic_htcaps; ci = &dc->dc_chaninfo; - ic->ic_getradiocaps(ic, IEEE80211_CHAN_MAX, &ci->ic_nchans, ci->ic_chans); + ic->ic_getradiocaps(ic, maxchans, &ci->ic_nchans, ci->ic_chans); ieee80211_sort_channels(ci->ic_chans, ci->ic_nchans); - error = copyout(dc, ireq->i_data, sizeof(*dc)); + error = copyout(dc, ireq->i_data, IEEE80211_DEVCAPS_SPACE(dc)); free(dc, M_TEMP); return error; } @@ -1566,17 +1572,21 @@ static __noinline int ieee80211_ioctl_setchanlist(struct ieee80211vap *vap, struct ieee80211req *ireq) { struct ieee80211com *ic = vap->iv_ic; - struct ieee80211req_chanlist list; - u_char chanlist[IEEE80211_CHAN_BYTES]; - int i, nchan, error; + uint8_t *chanlist, *list; + int i, nchan, maxchan, error; - if (ireq->i_len != sizeof(list)) - return EINVAL; - error = copyin(ireq->i_data, &list, sizeof(list)); + if (ireq->i_len > sizeof(ic->ic_chan_active)) + ireq->i_len = sizeof(ic->ic_chan_active); + list = malloc(ireq->i_len + IEEE80211_CHAN_BYTES, M_TEMP, + M_NOWAIT | M_ZERO); + if (list == NULL) + return ENOMEM; + error = copyin(ireq->i_data, list, ireq->i_len); if (error) return error; - memset(chanlist, 0, sizeof(chanlist)); nchan = 0; + chanlist = list + ireq->i_len; /* NB: zero'd already */ + maxchan = ireq->i_len * NBBY; for (i = 0; i < ic->ic_nchans; i++) { const struct ieee80211_channel *c = &ic->ic_channels[i]; /* @@ -1584,7 +1594,7 @@ ieee80211_ioctl_setchanlist(struct ieee80211vap *vap, struct ieee80211req *ireq) * available channels so users can do things like specify * 1-255 to get all available channels. */ - if (isset(list.ic_channels, c->ic_ieee)) { + if (c->ic_ieee < maxchan && isset(list, c->ic_ieee)) { setbit(chanlist, c->ic_ieee); nchan++; } @@ -1594,8 +1604,9 @@ ieee80211_ioctl_setchanlist(struct ieee80211vap *vap, struct ieee80211req *ireq) if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && /* XXX */ isclr(chanlist, ic->ic_bsschan->ic_ieee)) ic->ic_bsschan = IEEE80211_CHAN_ANYC; - memcpy(ic->ic_chan_active, chanlist, sizeof(ic->ic_chan_active)); + memcpy(ic->ic_chan_active, chanlist, IEEE80211_CHAN_BYTES); ieee80211_scan_flush(vap); + free(list, M_TEMP); return ENETRESET; } @@ -1993,17 +2004,34 @@ ieee80211_ioctl_setregdomain(struct ieee80211vap *vap, const struct ieee80211req *ireq) { struct ieee80211_regdomain_req *reg; - int error; - - if (ireq->i_len != sizeof(struct ieee80211_regdomain_req)) + int nchans, error; + + nchans = 1 + ((ireq->i_len - sizeof(struct ieee80211_regdomain_req)) / + sizeof(struct ieee80211_channel)); + if (!(1 <= nchans && nchans <= IEEE80211_CHAN_MAX)) { + IEEE80211_DPRINTF(vap, IEEE80211_MSG_IOCTL, + "%s: bad # chans, i_len %d nchans %d\n", __func__, + ireq->i_len, nchans); return EINVAL; - reg = (struct ieee80211_regdomain_req *) malloc( - sizeof(struct ieee80211_regdomain_req), M_TEMP, M_NOWAIT); - if (reg == NULL) + } + reg = (struct ieee80211_regdomain_req *) + malloc(IEEE80211_REGDOMAIN_SIZE(nchans), M_TEMP, M_NOWAIT); + if (reg == NULL) { + IEEE80211_DPRINTF(vap, IEEE80211_MSG_IOCTL, + "%s: no memory, nchans %d\n", __func__, nchans); return ENOMEM; - error = copyin(ireq->i_data, reg, sizeof(*reg)); - if (error == 0) - error = ieee80211_setregdomain(vap, reg); + } + error = copyin(ireq->i_data, reg, IEEE80211_REGDOMAIN_SIZE(nchans)); + if (error == 0) { + /* NB: validate inline channel count against storage size */ + if (reg->chaninfo.ic_nchans != nchans) { + IEEE80211_DPRINTF(vap, IEEE80211_MSG_IOCTL, + "%s: chan cnt mismatch, %d != %d\n", __func__, + reg->chaninfo.ic_nchans, nchans); + error = EINVAL; + } else + error = ieee80211_setregdomain(vap, reg); + } free(reg, M_TEMP); return (error == 0 ? ENETRESET : error); diff --git a/sys/net80211/ieee80211_ioctl.h b/sys/net80211/ieee80211_ioctl.h index 19c94b4..367f505 100644 --- a/sys/net80211/ieee80211_ioctl.h +++ b/sys/net80211/ieee80211_ioctl.h @@ -299,13 +299,13 @@ struct ieee80211req_maclist { }; /* - * Set the active channel list. Note this list is - * intersected with the available channel list in - * calculating the set of channels actually used in - * scanning. + * Set the active channel list by IEEE channel #: each channel + * to be marked active is set in a bit vector. Note this list is + * intersected with the available channel list in calculating + * the set of channels actually used in scanning. */ struct ieee80211req_chanlist { - uint8_t ic_channels[IEEE80211_CHAN_BYTES]; + uint8_t ic_channels[32]; /* NB: can be variable length */ }; /* @@ -313,8 +313,13 @@ struct ieee80211req_chanlist { */ struct ieee80211req_chaninfo { u_int ic_nchans; - struct ieee80211_channel ic_chans[IEEE80211_CHAN_MAX]; + struct ieee80211_channel ic_chans[1]; /* NB: variable length */ }; +#define IEEE80211_CHANINFO_SIZE(_nchan) \ + (sizeof(struct ieee80211req_chaninfo) + \ + (((_nchan)-1) * sizeof(struct ieee80211_channel))) +#define IEEE80211_CHANINFO_SPACE(_ci) \ + IEEE80211_CHANINFO_SIZE((_ci)->ic_nchans) /* * Retrieve the WPA/RSN information element for an associated station. @@ -463,6 +468,11 @@ struct ieee80211_regdomain_req { struct ieee80211_regdomain rd; struct ieee80211req_chaninfo chaninfo; }; +#define IEEE80211_REGDOMAIN_SIZE(_nchan) \ + (sizeof(struct ieee80211_regdomain_req) + \ + (((_nchan)-1) * sizeof(struct ieee80211_channel))) +#define IEEE80211_REGDOMAIN_SPACE(_req) \ + IEEE80211_REGDOMAIN_SIZE((_req)->chaninfo.ic_nchans) /* * Get driver capabilities. Driver, hardware crypto, and @@ -475,6 +485,11 @@ struct ieee80211_devcaps_req { uint32_t dc_htcaps; /* HT/802.11n support */ struct ieee80211req_chaninfo dc_chaninfo; }; +#define IEEE80211_DEVCAPS_SIZE(_nchan) \ + (sizeof(struct ieee80211_devcaps_req) + \ + (((_nchan)-1) * sizeof(struct ieee80211_channel))) +#define IEEE80211_DEVCAPS_SPACE(_dc) \ + IEEE80211_DEVCAPS_SIZE((_dc)->dc_chaninfo.ic_nchans) struct ieee80211_chanswitch_req { struct ieee80211_channel csa_chan; /* new channel */ |