PERFORCE change 147242 for review

Sam Leffler sam at FreeBSD.org
Tue Aug 12 16:14:54 UTC 2008 

http://perforce.freebsd.org/chv.cgi?CH=147242

Change 147242 by sam at sam_ebb on 2008/08/12 16:14:13

	validate policy parameter in ADDBA response

Affected files ...

.. //depot/projects/vap/sys/net80211/ieee80211_ht.c#32 edit
.. //depot/projects/vap/sys/net80211/ieee80211_ioctl.h#21 edit

Differences ...

==== //depot/projects/vap/sys/net80211/ieee80211_ht.c#32 (text+ko) ====

@@ -1404,7 +1404,7 @@
 	const struct ieee80211_action *ia;
 	struct ieee80211_rx_ampdu *rap;
 	struct ieee80211_tx_ampdu *tap;
-	uint8_t dialogtoken;
+	uint8_t dialogtoken, policy;
 	uint16_t baparamset, batimeout, baseqctl, code;
 	uint16_t args[4];
 	int tid, ac, bufsiz;
@@ -1472,6 +1472,7 @@
 			baparamset = LE_READ_2(frm+5);
 			tid = MS(baparamset, IEEE80211_BAPS_TID);
 			bufsiz = MS(baparamset, IEEE80211_BAPS_BUFSIZ);
+			policy = MS(baparamset, IEEE80211_BAPS_POLICY);
 			batimeout = LE_READ_2(frm+7);
 
 			ac = TID_TO_WME_AC(tid);
@@ -1495,6 +1496,18 @@
 				vap->iv_stats.is_addba_badtoken++;
 				return;
 			}
+			/* NB: assumes IEEE80211_AGGR_IMMEDIATE is 1 */
+			if (policy != (tap->txa_flags & IEEE80211_AGGR_IMMEDIATE)) {
+				IEEE80211_DISCARD_MAC(vap,
+				    IEEE80211_MSG_ACTION | IEEE80211_MSG_11N,
+				    ni->ni_macaddr, "ADDBA response",
+				    "policy mismatch: expecting %s, "
+				    "received %s, tid %d code %d",
+				    tap->txa_flags & IEEE80211_AGGR_IMMEDIATE,
+				    policy, tid, code);
+				vap->iv_stats.is_addba_badpolicy++;
+				return;
+			}
 
 			IEEE80211_NOTE(vap,
 			    IEEE80211_MSG_ACTION | IEEE80211_MSG_11N, ni,

==== //depot/projects/vap/sys/net80211/ieee80211_ioctl.h#21 (text+ko) ====

@@ -207,6 +207,7 @@
 	uint32_t	is_addba_norequest;	/* ADDBA response w/o ADDBA */
 	uint32_t	is_addba_badtoken;	/* ADDBA response w/ wrong
 						   dialogtoken */
+	uint32_t	is_addba_badpolicy;	/* ADDBA resp w/ wrong policy */
 	uint32_t	is_ampdu_stop;		/* A-MPDU stream stopped */
 	uint32_t	is_ampdu_stop_failed;	/* A-MPDU stream not running */
 	uint32_t	is_ampdu_rx_reorder;	/* A-MPDU held for rx reorder */
@@ -215,7 +216,7 @@
 	uint8_t		is_rx_disassoc_code;	/* last rx'd disassoc reason */
 	uint8_t		is_rx_authfail_code;	/* last rx'd auth fail reason */
 	uint32_t	is_beacon_miss;		/* beacon miss notification */
-	uint32_t	is_spare[14];
+	uint32_t	is_spare[13];
 };
 
 /*

More information about the p4-projects mailing list