Date:      Thu, 31 Jan 2008 06:19:33 GMT
From:      Sam Leffler <sam@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 134526 for review
Message-ID:  <200801310619.m0V6JXDE074589@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=134526

Change 134526 by sam@sam_ebb on 2008/01/31 06:19:16

	validate the country ie length to make sure we have at least the
	cc data that is blindly accessed in the scan module; should also
	allow code to safely parse the band list

Affected files ...

.. //depot/projects/vap/sys/net80211/ieee80211_input.c#25 edit

Differences ...

==== //depot/projects/vap/sys/net80211/ieee80211_input.c#25 (text+ko) ====

@@ -698,6 +698,17 @@
 		vap->iv_stats.is_rx_badbintval++;
 		scan->status |= IEEE80211_BPARSE_BINTVAL_INVALID;
 	}
+	if (scan->country != NULL) {
+		/*
+		 * Validate we have at least enough data to extract
+		 * the country code.  Not sure if we should return an
+		 * error instead of discarding the IE; consider this
+		 * being lenient as we don't depend on the data for
+		 * correct operation.
+		 */
+		IEEE80211_VERIFY_LENGTH(scan->country[1], 3 * sizeof(uint8_t),
+		    scan->country = NULL);
+	}
 	/*
 	 * Process HT ie's.  This is complicated by our
 	 * accepting both the standard ie's and the pre-draft
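
Review bot: the minimum of 3 bytes enforced on scan->country[1] covers only the country code, so on its own it does not make band-list parsing safe in the way the change description suggests. Any code that walks the band list still has to bound itself by scan->country[1] rather than assume entries follow the country code, and the new comment should say so. Separately, the beacon interval case just above records the problem in scan->status, while a short country IE is dropped by setting scan->country = NULL with no status bit set in this hunk, so a caller cannot tell a malformed IE from an absent one; if that distinction is wanted, set a status bit here as well. The expression 3 * sizeof(uint8_t) would read more clearly as a named constant for the country code length.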


