From: Rui Paulo Date: Fri, 10 Jul 2009 13:33:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r195559 - projects/mesh11s/sys/net80211 X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jul 2009 13:33:23 -0000 Author: rpaulo Date: Fri Jul 10 13:33:22 2009 New Revision: 195559 URL: http://svn.freebsd.org/changeset/base/195559 Log: Verify the mesh peer IE. Sponsored by: The FreeBSD Foundation Modified: projects/mesh11s/sys/net80211/ieee80211_mesh.c Modified: projects/mesh11s/sys/net80211/ieee80211_mesh.c ============================================================================== --- projects/mesh11s/sys/net80211/ieee80211_mesh.c Fri Jul 10 13:14:02 2009 (r195558) +++ projects/mesh11s/sys/net80211/ieee80211_mesh.c Fri Jul 10 13:33:22 2009 (r195559) @@ -87,6 +87,7 @@ static __inline void mesh_peer_timeout_s static int mesh_verify_meshpeerver(struct ieee80211vap *, const uint8_t *); static int mesh_verify_meshid(struct ieee80211vap *, const uint8_t *); static int mesh_verify_meshconf(struct ieee80211vap *, const uint8_t *); +static int mesh_verify_meshpeer(struct ieee80211vap *, const uint8_t *); uint32_t mesh_airtime_calc(struct ieee80211_node *); /* @@ -1316,8 +1317,6 @@ mesh_parse_meshpeering_action(struct iee } frm += frm[1] + 2; } - /* XXX verify elements present */ - /* XXX verify ie lengths */ /* * Verify the contents of the frame. Action frames with 
@@ -1329,7 +1328,7 @@ mesh_parse_meshpeering_action(struct iee if (mesh_verify_meshpeerver(vap, meshpeerver) || mesh_verify_meshid(vap, meshid) || - meshpeer == NULL || + mesh_verify_meshpeer(vap, meshpeer) || mesh_verify_meshconf(vap, meshconf)) { uint16_t args[3]; @@ -2097,9 +2096,38 @@ mesh_verify_meshconf(struct ieee80211vap "not accepting peers: 0x%x\n", meshconf->conf_cap); return 1; } + return 0; +} +static int +mesh_verify_meshpeer(struct ieee80211vap *vap, const uint8_t *ie) +{ + const struct ieee80211_meshpeer_ie *meshpeer = + (const struct ieee80211_meshpeer_ie *) ie; + + if (meshpeer == NULL) + return 1; + switch (meshpeer->peer_subtype) { + case IEEE80211_MESH_PEER_LINK_OPEN: + if (meshpeer->peer_len != 3) + return 1; + break; + case IEEE80211_MESH_PEER_LINK_CONFIRM: + if (meshpeer->peer_len != 5) + return 1; + break; + case IEEE80211_MESH_PEER_LINK_CLOSE: + if (meshpeer->peer_len < 5) + return 1; + if (meshpeer->peer_len == 5 && meshpeer->peer_linkid != 0) + return 1; + if (meshpeer->peer_rcode == 0) + return 1; + break; + } return 0; } + /* * Add a Mesh ID IE to a frame. */
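Review bot: Deleting both XXX comments in mesh_parse_meshpeering_action (the @@ -1316,8 +1317,6 @@ hunk) looks premature, because the only presence and length checks this patch adds cover the mesh peer IE. Unless mesh_verify_meshpeerver, mesh_verify_meshid and mesh_verify_meshconf already reject a NULL pointer and an element of the wrong length, which is not visible in this diff, keep the "XXX verify ie lengths" comment until they do.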
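Review bot: The switch in the new mesh_verify_meshpeer has no default case, so a peer IE carrying an unrecognised peer_subtype skips every length check and reaches "return 0"; add a default that returns 1 so unknown subtypes are rejected. In the IEEE80211_MESH_PEER_LINK_CLOSE case peer_len is only bounded from below ("peer_len < 5"), while OPEN and CONFIRM require exact lengths, and peer_linkid and peer_rcode are read through the fixed struct layout whatever peer_len says; checking against an explicit set of accepted lengths would make it clear those reads stay inside the element. The function also rejects silently and leaves vap unused, whereas the tail of mesh_verify_meshconf just above reports its reason ("not accepting peers: 0x%x"); a debug message per rejection would help when diagnosing dropped peering frames.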