From owner-p4-projects@FreeBSD.ORG Thu Jul 21 20:00:48 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id B046316A42A; Thu, 21 Jul 2005 20:00:47 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BB9316A425 for ; Thu, 21 Jul 2005 20:00:47 +0000 (GMT) (envelope-from sam@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6243D43D9F for ; Thu, 21 Jul 2005 20:00:37 +0000 (GMT) (envelope-from sam@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j6LK0btR013470 for ; Thu, 21 Jul 2005 20:00:37 GMT (envelope-from sam@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j6LK0bR0013467 for perforce@freebsd.org; Thu, 21 Jul 2005 20:00:37 GMT (envelope-from sam@freebsd.org) Date: Thu, 21 Jul 2005 20:00:37 GMT Message-Id: <200507212000.j6LK0bR0013467@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to sam@freebsd.org using -f From: Sam Leffler To: Perforce Change Reviews Cc: Subject: PERFORCE change 80697 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jul 2005 20:00:48 -0000 http://perforce.freebsd.org/chv.cgi?CH=80697 Change 80697 by sam@sam_ebb on 2005/07/21 20:00:07 correct handling for assoc req w/ wpa/rsn ie when wpa is not enabled; was previously ignoring the ie (wpa) or assert failing (rsn), now we reject the assoc request Obtained from: Atheros Affected files ... .. //depot/projects/wifi/sys/net80211/ieee80211_input.c#54 edit Differences ... ==== //depot/projects/wifi/sys/net80211/ieee80211_input.c#54 (text+ko) ==== @@ -1507,8 +1507,12 @@ * version, mcast cipher, and 2 selector counts. * Other, variable-length data, must be checked separately. */ - KASSERT(ic->ic_flags & IEEE80211_F_WPA1, - ("not WPA, flags 0x%x", ic->ic_flags)); + if ((ic->ic_flags & IEEE80211_F_WPA1) == 0) { + IEEE80211_DISCARD_IE(ic, + IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, + wh, "WPA", "not WPA, flags 0x%x", ic->ic_flags); + return IEEE80211_REASON_IE_INVALID; + } if (len < 14) { IEEE80211_DISCARD_IE(ic, IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, @@ -1670,8 +1674,12 @@ * version, mcast cipher, and 2 selector counts. * Other, variable-length data, must be checked separately. */ - KASSERT(ic->ic_flags & IEEE80211_F_WPA2, - ("not RSN, flags 0x%x", ic->ic_flags)); + if ((ic->ic_flags & IEEE80211_F_WPA2) == 0) { + IEEE80211_DISCARD_IE(ic, + IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, + wh, "WPA", "not RSN, flags 0x%x", ic->ic_flags); + return IEEE80211_REASON_IE_INVALID; + } if (len < 10) { IEEE80211_DISCARD_IE(ic, IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, @@ -2367,10 +2375,9 @@ wpa = frm; break; case IEEE80211_ELEMID_VENDOR: - if (iswpaoui(frm)) { - if (ic->ic_flags & IEEE80211_F_WPA1) - wpa = frm; - } else if (iswmeinfo(frm)) + if (iswpaoui(frm)) + wpa = frm; + else if (iswmeinfo(frm)) wme = frm; else if (isatherosoui(frm)) ath = frm;