From owner-svn-src-head@freebsd.org Thu Jan 7 18:41:06 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CAF47A67376; Thu, 7 Jan 2016 18:41:06 +0000 (UTC) (envelope-from avos@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9767E1622; Thu, 7 Jan 2016 18:41:06 +0000 (UTC) (envelope-from avos@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u07If5a2098683; Thu, 7 Jan 2016 18:41:05 GMT (envelope-from avos@FreeBSD.org) Received: (from avos@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u07If4X3098663; Thu, 7 Jan 2016 18:41:04 GMT (envelope-from avos@FreeBSD.org) Message-Id: <201601071841.u07If4X3098663@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: avos set sender to avos@FreeBSD.org using -f From: Andriy Voskoboinyk Date: Thu, 7 Jan 2016 18:41:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r293339 - in head/sys/dev: bwi if_ndis iwi malo otus ral rtwn usb/wlan X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jan 2016 18:41:07 -0000 Author: avos Date: Thu Jan 7 18:41:03 2016 New Revision: 293339 URL: https://svnweb.freebsd.org/changeset/base/293339 Log: net80211 drivers: fix ieee80211_init_channels() usage Fix out-of-bounds read (all) / write (11n capable) for drivers that are using ieee80211_init_channels() to initialize channel list. Tested with: * RTL8188EU, STA mode. * RTL8188CUS, STA mode. * WUSB54GC, HOSTAP mode. Approved by: adrian (mentor) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D4818 Modified: head/sys/dev/bwi/if_bwi.c head/sys/dev/if_ndis/if_ndis.c head/sys/dev/iwi/if_iwi.c head/sys/dev/malo/if_malo.c head/sys/dev/otus/if_otus.c head/sys/dev/ral/rt2560.c head/sys/dev/ral/rt2661.c head/sys/dev/ral/rt2860.c head/sys/dev/rtwn/if_rtwn.c head/sys/dev/usb/wlan/if_rsu.c head/sys/dev/usb/wlan/if_rum.c head/sys/dev/usb/wlan/if_run.c head/sys/dev/usb/wlan/if_uath.c head/sys/dev/usb/wlan/if_upgt.c head/sys/dev/usb/wlan/if_ural.c head/sys/dev/usb/wlan/if_urtw.c head/sys/dev/usb/wlan/if_urtwn.c head/sys/dev/usb/wlan/if_zyd.c Modified: head/sys/dev/bwi/if_bwi.c ============================================================================== --- head/sys/dev/bwi/if_bwi.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/bwi/if_bwi.c Thu Jan 7 18:41:03 2016 (r293339) @@ -356,8 +356,8 @@ bwi_attach(struct bwi_softc *sc) device_t dev = sc->sc_dev; struct bwi_mac *mac; struct bwi_phy *phy; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; int i, error; - uint8_t bands; BWI_LOCK_INIT(sc); @@ -453,15 +453,15 @@ bwi_attach(struct bwi_softc *sc) /* * Setup ratesets, phytype, channels and get MAC address */ - bands = 0; + memset(bands, 0, sizeof(bands)); if (phy->phy_mode == IEEE80211_MODE_11B || phy->phy_mode == IEEE80211_MODE_11G) { - setbit(&bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11B); if (phy->phy_mode == IEEE80211_MODE_11B) { ic->ic_phytype = IEEE80211_T_DS; } else { ic->ic_phytype = IEEE80211_T_OFDM; - setbit(&bands, IEEE80211_MODE_11G); + setbit(bands, IEEE80211_MODE_11G); } bwi_get_eaddr(sc, BWI_SPROM_11BG_EADDR, ic->ic_macaddr); @@ -475,7 +475,7 @@ bwi_attach(struct bwi_softc *sc) } } else if (phy->phy_mode == IEEE80211_MODE_11A) { /* TODO:11A */ - setbit(&bands, IEEE80211_MODE_11A); + setbit(bands, IEEE80211_MODE_11A); error = ENXIO; goto fail; } else { @@ -487,7 +487,7 @@ bwi_attach(struct bwi_softc *sc) BWI_SPROM_CARD_INFO_LOCALE); DPRINTF(sc, BWI_DBG_ATTACH, "locale: %d\n", sc->sc_locale); /* XXX use locale */ - ieee80211_init_channels(ic, NULL, &bands); + ieee80211_init_channels(ic, NULL, bands); ic->ic_softc = sc; ic->ic_name = device_get_nameunit(dev); Modified: head/sys/dev/if_ndis/if_ndis.c ============================================================================== --- head/sys/dev/if_ndis/if_ndis.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/if_ndis/if_ndis.c Thu Jan 7 18:41:03 2016 (r293339) @@ -724,8 +724,8 @@ ndis_80211attach(struct ndis_softc *sc) ndis_80211_rates_ex rates; struct ndis_80211_nettype_list *ntl; uint32_t arg; - int mode, i, r, len; - uint8_t bands = 0; + int mode, i, r, len, nonettypes = 1; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)] = { 0 }; callout_init(&sc->ndis_scan_callout, 1); @@ -751,8 +751,9 @@ ndis_80211attach(struct ndis_softc *sc) for (i = 0; i < ntl->ntl_items; i++) { mode = ndis_nettype_mode(ntl->ntl_type[i]); if (mode) { + nonettypes = 0; setbit(ic->ic_modecaps, mode); - setbit(&bands, mode); + setbit(bands, mode); } else device_printf(sc->ndis_dev, "Unknown nettype %d\n", ntl->ntl_type[i]); @@ -760,9 +761,9 @@ ndis_80211attach(struct ndis_softc *sc) free(ntl, M_DEVBUF); nonettypes: /* Default to 11b channels if the card did not supply any */ - if (bands == 0) { + if (nonettypes) { setbit(ic->ic_modecaps, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11B); } len = sizeof(rates); bzero((char *)&rates, len); @@ -859,7 +860,7 @@ nonettypes: #undef INCRATE #undef TESTSETRATE - ieee80211_init_channels(ic, NULL, &bands); + ieee80211_init_channels(ic, NULL, bands); /* * To test for WPA support, we need to see if we can Modified: head/sys/dev/iwi/if_iwi.c ============================================================================== --- head/sys/dev/iwi/if_iwi.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/iwi/if_iwi.c Thu Jan 7 18:41:03 2016 (r293339) @@ -271,8 +271,8 @@ iwi_attach(device_t dev) struct iwi_softc *sc = device_get_softc(dev); struct ieee80211com *ic = &sc->sc_ic; uint16_t val; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; int i, error; - uint8_t bands; sc->sc_dev = dev; @@ -373,13 +373,13 @@ iwi_attach(device_t dev) val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 2); ic->ic_macaddr[4] = val & 0xff; ic->ic_macaddr[5] = val >> 8; - - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if (pci_get_device(dev) >= 0x4223) - setbit(&bands, IEEE80211_MODE_11A); - ieee80211_init_channels(ic, NULL, &bands); + setbit(bands, IEEE80211_MODE_11A); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); /* override default methods */ Modified: head/sys/dev/malo/if_malo.c ============================================================================== --- head/sys/dev/malo/if_malo.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/malo/if_malo.c Thu Jan 7 18:41:03 2016 (r293339) @@ -173,7 +173,7 @@ malo_attach(uint16_t devid, struct malo_ struct ieee80211com *ic = &sc->malo_ic; struct malo_hal *mh; int error; - uint8_t bands; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; MALO_LOCK_INIT(sc); callout_init_mtx(&sc->malo_watchdog_timer, &sc->malo_mtx, 0); @@ -222,10 +222,10 @@ malo_attach(uint16_t devid, struct malo_ sc->malo_hwspecs.wcbbase[2], sc->malo_hwspecs.wcbbase[3]); /* NB: firmware looks that it does not export regdomain info API. */ - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); - ieee80211_init_channels(ic, NULL, &bands); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); + ieee80211_init_channels(ic, NULL, bands); sc->malo_txantenna = 0x2; /* h/w default */ sc->malo_rxantenna = 0xffff; /* h/w default */ Modified: head/sys/dev/otus/if_otus.c ============================================================================== --- head/sys/dev/otus/if_otus.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/otus/if_otus.c Thu Jan 7 18:41:03 2016 (r293339) @@ -624,8 +624,8 @@ otus_attachhook(struct otus_softc *sc) struct ieee80211com *ic = &sc->sc_ic; usb_device_request_t req; uint32_t in, out; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; int error; - uint8_t bands; /* Not locked */ error = otus_load_firmware(sc, "otusfw_init", AR_FW_INIT_ADDR); @@ -743,19 +743,19 @@ otus_attachhook(struct otus_softc *sc) otus_get_chanlist(sc); #else /* Set supported .11b and .11g rates. */ - bands = 0; + memset(bands, 0, sizeof(bands)); if (sc->eeprom.baseEepHeader.opCapFlags & AR5416_OPFLAGS_11G) { - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); } if (sc->eeprom.baseEepHeader.opCapFlags & AR5416_OPFLAGS_11A) { - setbit(&bands, IEEE80211_MODE_11A); + setbit(bands, IEEE80211_MODE_11A); } #if 0 if (sc->sc_ht) - setbit(&bands, IEEE80211_MODE_11NG); + setbit(bands, IEEE80211_MODE_11NG); #endif - ieee80211_init_channels(ic, NULL, &bands); + ieee80211_init_channels(ic, NULL, bands); #endif ieee80211_ifattach(ic); Modified: head/sys/dev/ral/rt2560.c ============================================================================== --- head/sys/dev/ral/rt2560.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/ral/rt2560.c Thu Jan 7 18:41:03 2016 (r293339) @@ -199,7 +199,7 @@ rt2560_attach(device_t dev, int id) { struct rt2560_softc *sc = device_get_softc(dev); struct ieee80211com *ic = &sc->sc_ic; - uint8_t bands; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; int error; sc->sc_dev = dev; @@ -278,12 +278,12 @@ rt2560_attach(device_t dev, int id) #endif ; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if (sc->rf_rev == RT2560_RF_5222) - setbit(&bands, IEEE80211_MODE_11A); - ieee80211_init_channels(ic, NULL, &bands); + setbit(bands, IEEE80211_MODE_11A); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_raw_xmit = rt2560_raw_xmit; Modified: head/sys/dev/ral/rt2661.c ============================================================================== --- head/sys/dev/ral/rt2661.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/ral/rt2661.c Thu Jan 7 18:41:03 2016 (r293339) @@ -199,8 +199,8 @@ rt2661_attach(device_t dev, int id) struct rt2661_softc *sc = device_get_softc(dev); struct ieee80211com *ic = &sc->sc_ic; uint32_t val; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; int error, ac, ntries; - uint8_t bands; sc->sc_id = id; sc->sc_dev = dev; @@ -279,12 +279,12 @@ rt2661_attach(device_t dev, int id) #endif ; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if (sc->rf_rev == RT2661_RF_5225 || sc->rf_rev == RT2661_RF_5325) - setbit(&bands, IEEE80211_MODE_11A); - ieee80211_init_channels(ic, NULL, &bands); + setbit(bands, IEEE80211_MODE_11A); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); #if 0 Modified: head/sys/dev/ral/rt2860.c ============================================================================== --- head/sys/dev/ral/rt2860.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/ral/rt2860.c Thu Jan 7 18:41:03 2016 (r293339) @@ -232,8 +232,8 @@ rt2860_attach(device_t dev, int id) struct rt2860_softc *sc = device_get_softc(dev); struct ieee80211com *ic = &sc->sc_ic; uint32_t tmp; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; int error, ntries, qid; - uint8_t bands; sc->sc_dev = dev; sc->sc_debug = 0; @@ -319,12 +319,12 @@ rt2860_attach(device_t dev, int id) | IEEE80211_C_WME /* 802.11e */ ; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850) - setbit(&bands, IEEE80211_MODE_11A); - ieee80211_init_channels(ic, NULL, &bands); + setbit(bands, IEEE80211_MODE_11A); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); Modified: head/sys/dev/rtwn/if_rtwn.c ============================================================================== --- head/sys/dev/rtwn/if_rtwn.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/rtwn/if_rtwn.c Thu Jan 7 18:41:03 2016 (r293339) @@ -251,7 +251,7 @@ rtwn_attach(device_t dev) struct rtwn_softc *sc = device_get_softc(dev); struct ieee80211com *ic = &sc->sc_ic; uint32_t lcsr; - uint8_t bands; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; int i, count, error, rid; sc->sc_dev = dev; @@ -353,10 +353,10 @@ rtwn_attach(device_t dev) | IEEE80211_C_WME /* 802.11e */ ; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); - ieee80211_init_channels(ic, NULL, &bands); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); Modified: head/sys/dev/usb/wlan/if_rsu.c ============================================================================== --- head/sys/dev/usb/wlan/if_rsu.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_rsu.c Thu Jan 7 18:41:03 2016 (r293339) @@ -403,7 +403,8 @@ rsu_attach(device_t self) struct rsu_softc *sc = device_get_softc(self); struct ieee80211com *ic = &sc->sc_ic; int error; - uint8_t iface_index, bands; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; + uint8_t iface_index; struct usb_interface *iface; const char *rft; @@ -531,12 +532,12 @@ rsu_attach(device_t self) } /* Set supported .11b and .11g rates. */ - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if (sc->sc_ht) - setbit(&bands, IEEE80211_MODE_11NG); - ieee80211_init_channels(ic, NULL, &bands); + setbit(bands, IEEE80211_MODE_11NG); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_raw_xmit = rsu_raw_xmit; Modified: head/sys/dev/usb/wlan/if_rum.c ============================================================================== --- head/sys/dev/usb/wlan/if_rum.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_rum.c Thu Jan 7 18:41:03 2016 (r293339) @@ -468,8 +468,9 @@ rum_attach(device_t self) struct usb_attach_arg *uaa = device_get_ivars(self); struct rum_softc *sc = device_get_softc(self); struct ieee80211com *ic = &sc->sc_ic; - uint8_t iface_index, bands; uint32_t tmp; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; + uint8_t iface_index; int error, ntries; device_set_usb_desc(self); @@ -537,12 +538,12 @@ rum_attach(device_t self) IEEE80211_CRYPTO_TKIPMIC | IEEE80211_CRYPTO_TKIP; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_5226) - setbit(&bands, IEEE80211_MODE_11A); - ieee80211_init_channels(ic, NULL, &bands); + setbit(bands, IEEE80211_MODE_11A); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_update_promisc = rum_update_promisc; Modified: head/sys/dev/usb/wlan/if_run.c ============================================================================== --- head/sys/dev/usb/wlan/if_run.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_run.c Thu Jan 7 18:41:03 2016 (r293339) @@ -704,8 +704,9 @@ run_attach(device_t self) struct usb_attach_arg *uaa = device_get_ivars(self); struct ieee80211com *ic = &sc->sc_ic; uint32_t ver; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; + uint8_t iface_index; int ntries, error; - uint8_t iface_index, bands; device_set_usb_desc(self); sc->sc_udev = uaa->device; @@ -785,14 +786,14 @@ run_attach(device_t self) ic->ic_flags |= IEEE80211_F_DATAPAD; ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || sc->rf_rev == RT5592_RF_5592) - setbit(&bands, IEEE80211_MODE_11A); - ieee80211_init_channels(ic, NULL, &bands); + setbit(bands, IEEE80211_MODE_11A); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); Modified: head/sys/dev/usb/wlan/if_uath.c ============================================================================== --- head/sys/dev/usb/wlan/if_uath.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_uath.c Thu Jan 7 18:41:03 2016 (r293339) @@ -328,7 +328,8 @@ uath_attach(device_t dev) struct uath_softc *sc = device_get_softc(dev); struct usb_attach_arg *uaa = device_get_ivars(dev); struct ieee80211com *ic = &sc->sc_ic; - uint8_t bands, iface_index = UATH_IFACE_INDEX; /* XXX */ + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; + uint8_t iface_index = UATH_IFACE_INDEX; /* XXX */ usb_error_t error; sc->sc_dev = dev; @@ -431,13 +432,13 @@ uath_attach(device_t dev) /* put a regulatory domain to reveal informations. */ uath_regdomain = sc->sc_devcap.regDomain; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if ((sc->sc_devcap.analog5GhzRevision & 0xf0) == 0x30) - setbit(&bands, IEEE80211_MODE_11A); + setbit(bands, IEEE80211_MODE_11A); /* XXX turbo */ - ieee80211_init_channels(ic, NULL, &bands); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_raw_xmit = uath_raw_xmit; Modified: head/sys/dev/usb/wlan/if_upgt.c ============================================================================== --- head/sys/dev/usb/wlan/if_upgt.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_upgt.c Thu Jan 7 18:41:03 2016 (r293339) @@ -243,7 +243,8 @@ upgt_attach(device_t dev) struct upgt_softc *sc = device_get_softc(dev); struct ieee80211com *ic = &sc->sc_ic; struct usb_attach_arg *uaa = device_get_ivars(dev); - uint8_t bands, iface_index = UPGT_IFACE_INDEX; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; + uint8_t iface_index = UPGT_IFACE_INDEX; int error; sc->sc_dev = dev; @@ -337,10 +338,10 @@ upgt_attach(device_t dev) | IEEE80211_C_WPA /* 802.11i */ ; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); - ieee80211_init_channels(ic, NULL, &bands); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_raw_xmit = upgt_raw_xmit; Modified: head/sys/dev/usb/wlan/if_ural.c ============================================================================== --- head/sys/dev/usb/wlan/if_ural.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_ural.c Thu Jan 7 18:41:03 2016 (r293339) @@ -424,7 +424,8 @@ ural_attach(device_t self) struct usb_attach_arg *uaa = device_get_ivars(self); struct ural_softc *sc = device_get_softc(self); struct ieee80211com *ic = &sc->sc_ic; - uint8_t iface_index, bands; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; + uint8_t iface_index; int error; device_set_usb_desc(self); @@ -473,12 +474,12 @@ ural_attach(device_t self) | IEEE80211_C_WPA /* 802.11i */ ; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); if (sc->rf_rev == RAL_RF_5222) - setbit(&bands, IEEE80211_MODE_11A); - ieee80211_init_channels(ic, NULL, &bands); + setbit(bands, IEEE80211_MODE_11A); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_update_promisc = ural_update_promisc; Modified: head/sys/dev/usb/wlan/if_urtw.c ============================================================================== --- head/sys/dev/usb/wlan/if_urtw.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_urtw.c Thu Jan 7 18:41:03 2016 (r293339) @@ -785,7 +785,8 @@ urtw_attach(device_t dev) struct urtw_softc *sc = device_get_softc(dev); struct usb_attach_arg *uaa = device_get_ivars(dev); struct ieee80211com *ic = &sc->sc_ic; - uint8_t bands, iface_index = URTW_IFACE_INDEX; /* XXX */ + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; + uint8_t iface_index = URTW_IFACE_INDEX; /* XXX */ uint16_t n_setup; uint32_t data; usb_error_t error; @@ -876,10 +877,10 @@ urtw_attach(device_t dev) IEEE80211_C_BGSCAN | /* capable of bg scanning */ IEEE80211_C_WPA; /* 802.11i */ - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); - ieee80211_init_channels(ic, NULL, &bands); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_raw_xmit = urtw_raw_xmit; Modified: head/sys/dev/usb/wlan/if_urtwn.c ============================================================================== --- head/sys/dev/usb/wlan/if_urtwn.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_urtwn.c Thu Jan 7 18:41:03 2016 (r293339) @@ -439,7 +439,7 @@ urtwn_attach(device_t self) struct usb_attach_arg *uaa = device_get_ivars(self); struct urtwn_softc *sc = device_get_softc(self); struct ieee80211com *ic = &sc->sc_ic; - uint8_t bands; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; int error; device_set_usb_desc(self); @@ -525,10 +525,10 @@ urtwn_attach(device_t self) IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_AES_CCM; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); - ieee80211_init_channels(ic, NULL, &bands); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_raw_xmit = urtwn_raw_xmit; Modified: head/sys/dev/usb/wlan/if_zyd.c ============================================================================== --- head/sys/dev/usb/wlan/if_zyd.c Thu Jan 7 18:34:56 2016 (r293338) +++ head/sys/dev/usb/wlan/if_zyd.c Thu Jan 7 18:41:03 2016 (r293339) @@ -334,7 +334,8 @@ zyd_attach(device_t dev) struct usb_attach_arg *uaa = device_get_ivars(dev); struct zyd_softc *sc = device_get_softc(dev); struct ieee80211com *ic = &sc->sc_ic; - uint8_t iface_index, bands; + uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; + uint8_t iface_index; int error; if (uaa->info.bcdDevice < 0x4330) { @@ -387,10 +388,10 @@ zyd_attach(device_t dev) | IEEE80211_C_WPA /* 802.11i */ ; - bands = 0; - setbit(&bands, IEEE80211_MODE_11B); - setbit(&bands, IEEE80211_MODE_11G); - ieee80211_init_channels(ic, NULL, &bands); + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); + ieee80211_init_channels(ic, NULL, bands); ieee80211_ifattach(ic); ic->ic_raw_xmit = zyd_raw_xmit;