Date: Wed, 6 Apr 2022 14:20:13 GMT From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 9752bffbcfba - stable/11 - net80211: validate Mesh ID length in ieee80211_parse_beacon Message-ID: <202204061420.236EKDpT044067@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/11 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=9752bffbcfbadf1749a2c12449603952c61bb4ab commit 9752bffbcfbadf1749a2c12449603952c61bb4ab Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2022-04-05 22:52:51 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-04-06 14:19:42 +0000 net80211: validate Mesh ID length in ieee80211_parse_beacon Reported by: m00nbsd working with Trend Micro Zero Day Initiative (cherry picked from commit fb8c87b4f3bfdfac014f9d894fe75fbad0391b24) (cherry picked from commit 72617f9246e3a4be28eeafeae1bdd983143eef3e) (cherry picked from commit e7c990ba3f8de8c4882390cad9b01a9fa25ad068) --- sys/net80211/ieee80211_input.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c index 2a6f2b445063..570e46421efb 100644 --- a/sys/net80211/ieee80211_input.c +++ b/sys/net80211/ieee80211_input.c @@ -708,6 +708,12 @@ ieee80211_parse_beacon(struct ieee80211_node *ni, struct mbuf *m, IEEE80211_VERIFY_LENGTH(scan->csa[1], 3 * sizeof(uint8_t), scan->status |= IEEE80211_BPARSE_CSA_INVALID); } +#ifdef IEEE80211_SUPPORT_MESH + if (scan->meshid != NULL) { + IEEE80211_VERIFY_ELEMENT(scan->meshid, IEEE80211_MESHID_LEN, + scan->status |= IEEE80211_BPARSE_RATES_INVALID); + } +#endif /* * Process HT ie's. This is complicated by our * accepting both the standard ie's and the pre-draft
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202204061420.236EKDpT044067>