Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 10 Jul 2009 13:33:22 +0000 (UTC)
From:      Rui Paulo <rpaulo@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r195559 - projects/mesh11s/sys/net80211
Message-ID:  <200907101333.n6ADXMYV021522@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rpaulo
Date: Fri Jul 10 13:33:22 2009
New Revision: 195559
URL: http://svn.freebsd.org/changeset/base/195559

Log:
  Verify the mesh peer IE.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  projects/mesh11s/sys/net80211/ieee80211_mesh.c

Modified: projects/mesh11s/sys/net80211/ieee80211_mesh.c
==============================================================================
--- projects/mesh11s/sys/net80211/ieee80211_mesh.c	Fri Jul 10 13:14:02 2009	(r195558)
+++ projects/mesh11s/sys/net80211/ieee80211_mesh.c	Fri Jul 10 13:33:22 2009	(r195559)
@@ -87,6 +87,7 @@ static __inline void	mesh_peer_timeout_s
 static int	mesh_verify_meshpeerver(struct ieee80211vap *, const uint8_t *);
 static int	mesh_verify_meshid(struct ieee80211vap *, const uint8_t *);
 static int	mesh_verify_meshconf(struct ieee80211vap *, const uint8_t *);
+static int	mesh_verify_meshpeer(struct ieee80211vap *, const uint8_t *);
 uint32_t	mesh_airtime_calc(struct ieee80211_node *);
 
 /*
@@ -1316,8 +1317,6 @@ mesh_parse_meshpeering_action(struct iee
 		}
 		frm += frm[1] + 2;
 	}
-	/* XXX verify elements present */
-	/* XXX verify ie lengths */
 
 	/*
 	 * Verify the contents of the frame. Action frames with
@@ -1329,7 +1328,7 @@ mesh_parse_meshpeering_action(struct iee
 
 	if (mesh_verify_meshpeerver(vap, meshpeerver) ||
 	    mesh_verify_meshid(vap, meshid) ||
-	    meshpeer == NULL ||
+	    mesh_verify_meshpeer(vap, meshpeer) ||
 	    mesh_verify_meshconf(vap, meshconf)) {
 		uint16_t args[3];
 
@@ -2097,9 +2096,38 @@ mesh_verify_meshconf(struct ieee80211vap
 		    "not accepting peers: 0x%x\n", meshconf->conf_cap);
 		return 1;
 	}
+	return 0;
+}
 
+static int
+mesh_verify_meshpeer(struct ieee80211vap *vap, const uint8_t *ie)
+{
+	const struct ieee80211_meshpeer_ie *meshpeer =
+	    (const struct ieee80211_meshpeer_ie *) ie;
+
+	if (meshpeer == NULL)
+		return 1;
+	switch (meshpeer->peer_subtype) {
+	case IEEE80211_MESH_PEER_LINK_OPEN:
+		if (meshpeer->peer_len != 3)
+			return 1;
+		break;
+	case IEEE80211_MESH_PEER_LINK_CONFIRM:
+		if (meshpeer->peer_len != 5)
+			return 1;
+		break;
+	case IEEE80211_MESH_PEER_LINK_CLOSE:
+		if (meshpeer->peer_len < 5)
+			return 1;
+		if (meshpeer->peer_len == 5 && meshpeer->peer_linkid != 0)
+			return 1;
+		if (meshpeer->peer_rcode == 0)
+			return 1;
+		break;
+	}
 	return 0;
 }
+
 /*
  * Add a Mesh ID IE to a frame.
  */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200907101333.n6ADXMYV021522>