PERFORCE change 134526 for review
Sam Leffler
sam at FreeBSD.org
Wed Jan 30 22:19:33 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=134526
Change 134526 by sam at sam_ebb on 2008/01/31 06:19:16
validate the country ie length to make sure we have at least the
cc data that is blindly accessed in the scan module; should also
allow code to safely parse the band list
Affected files ...
.. //depot/projects/vap/sys/net80211/ieee80211_input.c#25 edit
Differences ...
==== //depot/projects/vap/sys/net80211/ieee80211_input.c#25 (text+ko) ====
@@ -698,6 +698,17 @@
vap->iv_stats.is_rx_badbintval++;
scan->status |= IEEE80211_BPARSE_BINTVAL_INVALID;
}
+ if (scan->country != NULL) {
+ /*
+ * Validate we have at least enough data to extract
+ * the country code. Not sure if we should return an
+ * error instead of discarding the IE; consider this
+ * being lenient as we don't depend on the data for
+ * correct operation.
+ */
+ IEEE80211_VERIFY_LENGTH(scan->country[1], 3 * sizeof(uint8_t),
+ scan->country = NULL);
+ }
/*
* Process HT ie's. This is complicated by our
* accepting both the standard ie's and the pre-draft
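Review bot: The length check in the added `if (scan->country != NULL)` block only guarantees the 3 bytes of the country code, so the commit message's claim that the band list can now be parsed safely holds only if that parser bounds its own walk by `scan->country[1]`; a length of 4 or 5 passes here and leaves a partial entry after the country code. I would either say so in the comment ("band list consumers must still bound by the IE length") or add the band list bound at the point where it is parsed. Two smaller points: `3 * sizeof(uint8_t)` is just 3 and a named constant for the country code length would read better, and the bad beacon interval path directly above bumps `is_rx_badbintval` while this path drops the IE by setting `scan->country = NULL` with no counter visible in the hunk, so consider recording the discard if the macro does not already do so.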