projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6b347bf)
cfg80211: validate AID of stations being added
authorJohannes Berg <johannes@sipsolutions.net>
Sun, 24 May 2009 14:42:30 +0000 (16:42 +0200)
committerJohn W. Linville <linville@tuxdriver.com>
Wed, 3 Jun 2009 18:05:10 +0000 (14:05 -0400)
We have some validation code in mac80211 but said code will
force an invalid AID to 0 which isn't a valid AID either;
instead require a valid AID (1-2007) to be passed in from
userspace in cfg80211 already. Also move the code before
the race comment since it can only be executed during STA
addition and thus is not racy.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/mac80211/cfg.c patch | blob | blame | history
net/wireless/nl80211.c patch | blob | blame | history

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 77e9ff5ec4f3771f5aa400859edc458328e05598..cdfdb2eaad9f0957730ff9489ea1dd86776de7b5 100644 (file)
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -663,6 +663,13 @@ static void sta_apply_parameters(struct ieee80211_local *local,
        }
        spin_unlock_bh(&sta->lock);
 
+       /*
+        * cfg80211 validates this (1-2007) and allows setting the AID
+        * only when creating a new station entry
+        */
+       if (params->aid)
+               sta->sta.aid = params->aid;
+
        /*
         * FIXME: updating the following information is racy when this
         *        function is called from ieee80211_change_station().
@@ -670,12 +677,6 @@ static void sta_apply_parameters(struct ieee80211_local *local,
         *        maybe we should just reject attemps to change it.
         */
 
-       if (params->aid) {
-               sta->sta.aid = params->aid;
-               if (sta->sta.aid > IEEE80211_MAX_AID)
-                       sta->sta.aid = 0; /* XXX: should this be an error? */
-       }
-
        if (params->listen_interval >= 0)
                sta->listen_interval = params->listen_interval;
 
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 4b4d3c8a1aed43610c4a92a5eb9e3fa6466397f0..19dc796bb0b8d8533e2106c0f65d4d00b60f7687 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1738,7 +1738,11 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
                nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
        params.listen_interval =
                nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
+
        params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
+       if (!params.aid || params.aid > IEEE80211_MAX_AID)
+               return -EINVAL;
+
        if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
                params.ht_capa =
                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);