Commit 51b50fbe authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville

cfg80211: validate AID of stations being added

We have some validation code in mac80211 but said code will
force an invalid AID to 0 which isn't a valid AID either;
instead require a valid AID (1-2007) to be passed in from
userspace in cfg80211 already. Also move the code before
the race comment since it can only be executed during STA
addition and thus is not racy.
Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 6b347bff
...@@ -663,6 +663,13 @@ static void sta_apply_parameters(struct ieee80211_local *local, ...@@ -663,6 +663,13 @@ static void sta_apply_parameters(struct ieee80211_local *local,
} }
spin_unlock_bh(&sta->lock); spin_unlock_bh(&sta->lock);
/*
* cfg80211 validates this (1-2007) and allows setting the AID
* only when creating a new station entry
*/
if (params->aid)
sta->sta.aid = params->aid;
/* /*
* FIXME: updating the following information is racy when this * FIXME: updating the following information is racy when this
* function is called from ieee80211_change_station(). * function is called from ieee80211_change_station().
...@@ -670,12 +677,6 @@ static void sta_apply_parameters(struct ieee80211_local *local, ...@@ -670,12 +677,6 @@ static void sta_apply_parameters(struct ieee80211_local *local,
* maybe we should just reject attemps to change it. * maybe we should just reject attemps to change it.
*/ */
if (params->aid) {
sta->sta.aid = params->aid;
if (sta->sta.aid > IEEE80211_MAX_AID)
sta->sta.aid = 0; /* XXX: should this be an error? */
}
if (params->listen_interval >= 0) if (params->listen_interval >= 0)
sta->listen_interval = params->listen_interval; sta->listen_interval = params->listen_interval;
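Review bot: The moved assignment `if (params->aid) sta->sta.aid = params->aid;` in sta_apply_parameters now depends entirely on its callers for the upper bound, because the second hunk removes the `> IEEE80211_MAX_AID` clamp. The nl80211_new_station change adds that check for station creation, but whether the change-station path always leaves `params->aid` at 0 is not visible on this page, so the new comment's "only when creating a new station entry" should be confirmed against that path. If the AID is later used as an index (not shown here), a cheap backstop keeps a future unvalidated caller from storing an out-of-range value: `if (params->aid && !WARN_ON_ONCE(params->aid > IEEE80211_MAX_AID)) sta->sta.aid = params->aid;`. The function body starts and ends outside these hunks.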
......
...@@ -1738,7 +1738,11 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) ...@@ -1738,7 +1738,11 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
params.listen_interval = params.listen_interval =
nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
if (!params.aid || params.aid > IEEE80211_MAX_AID)
return -EINVAL;
if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
params.ht_capa = params.ht_capa =
nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
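Review bot: The new range check in nl80211_new_station has no comment saying why 0 is rejected or where the bound comes from, so I would add `/* AID 0 is not a valid association ID; accept only 1..IEEE80211_MAX_AID (2007) */` above `if (!params.aid || params.aid > IEEE80211_MAX_AID)`. The check reads the attribute with `nla_get_u16(info->attrs[NL80211_ATTR_STA_AID])`, and the presence test for that attribute is not visible in this hunk, so it is worth confirming that it happens earlier in the function. It is also worth confirming that the early `return -EINVAL` comes before any lock or device reference is taken, since the rest of the function lies outside the hunk.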
......