diff options
| author | Johannes Berg <johannes@sipsolutions.net> | 2009-05-24 10:42:30 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2009-06-03 14:05:10 -0400 |
| commit | 51b50fbeb574f581c0b112e035541f42fa3e604a (patch) | |
| tree | 2e2b75a4863b7d9d9b8bcdd3cf56be66414d83bb | |
| parent | 6b347bff145f9a8a0972ca8fc3c44dd1f91b0f16 (diff) | |
cfg80211: validate AID of stations being added
We have some validation code in mac80211 but said code will
force an invalid AID to 0 which isn't a valid AID either;
instead require a valid AID (1-2007) to be passed in from
userspace in cfg80211 already. Also move the code before
the race comment since it can only be executed during STA
addition and thus is not racy.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
| -rw-r--r-- | net/mac80211/cfg.c | 13 | ||||
| -rw-r--r-- | net/wireless/nl80211.c | 4 |
2 files changed, 11 insertions, 6 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 77e9ff5ec4f3..cdfdb2eaad9f 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c | |||
| @@ -664,18 +664,19 @@ static void sta_apply_parameters(struct ieee80211_local *local, | |||
| 664 | spin_unlock_bh(&sta->lock); | 664 | spin_unlock_bh(&sta->lock); |
| 665 | 665 | ||
| 666 | /* | 666 | /* |
| 667 | * cfg80211 validates this (1-2007) and allows setting the AID | ||
| 668 | * only when creating a new station entry | ||
| 669 | */ | ||
| 670 | if (params->aid) | ||
| 671 | sta->sta.aid = params->aid; | ||
| 672 | |||
| 673 | /* | ||
| 667 | * FIXME: updating the following information is racy when this | 674 | * FIXME: updating the following information is racy when this |
| 668 | * function is called from ieee80211_change_station(). | 675 | * function is called from ieee80211_change_station(). |
| 669 | * However, all this information should be static so | 676 | * However, all this information should be static so |
| 670 | * maybe we should just reject attemps to change it. | 677 | * maybe we should just reject attemps to change it. |
| 671 | */ | 678 | */ |
| 672 | 679 | ||
| 673 | if (params->aid) { | ||
| 674 | sta->sta.aid = params->aid; | ||
| 675 | if (sta->sta.aid > IEEE80211_MAX_AID) | ||
| 676 | sta->sta.aid = 0; /* XXX: should this be an error? */ | ||
| 677 | } | ||
| 678 | |||
| 679 | if (params->listen_interval >= 0) | 680 | if (params->listen_interval >= 0) |
| 680 | sta->listen_interval = params->listen_interval; | 681 | sta->listen_interval = params->listen_interval; |
| 681 | 682 | ||
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 4b4d3c8a1aed..19dc796bb0b8 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -1738,7 +1738,11 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) | |||
| 1738 | nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); | 1738 | nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); |
| 1739 | params.listen_interval = | 1739 | params.listen_interval = |
| 1740 | nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); | 1740 | nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); |
| 1741 | |||
| 1741 | params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); | 1742 | params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); |
| 1743 | if (!params.aid || params.aid > IEEE80211_MAX_AID) | ||
| 1744 | return -EINVAL; | ||
| 1745 | |||
| 1742 | if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) | 1746 | if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) |
| 1743 | params.ht_capa = | 1747 | params.ht_capa = |
| 1744 | nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); | 1748 | nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); |