[PATCH] cfg80211: validate AID of stations being added

Johannes Berg <johannes@xxxxxxxxxxxxxxxx> · Sun, 24 May 2009 16:42:30 +0200

We have some validation code in mac80211 but said code will
force an invalid AID to 0 which isn't a valid AID either;
instead require a valid AID (1-2007) to be passed in from
userspace in cfg80211 already. Also move the code before
the race comment since it can only be executed during STA
addition and thus is not racy.

Signed-off-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
---
 net/mac80211/cfg.c     |   13 +++++++------
 net/wireless/nl80211.c |    4 ++++
 2 files changed, 11 insertions(+), 6 deletions(-)

--- wireless-testing.orig/net/mac80211/cfg.c	2009-05-24 16:40:30.000000000 +0200
+++ wireless-testing/net/mac80211/cfg.c	2009-05-24 16:40:42.000000000 +0200
@@ -664,18 +664,19 @@ static void sta_apply_parameters(struct 
 	spin_unlock_bh(&sta->lock);
 
 	/*
+	 * cfg80211 validates this (1-2007) and allows setting the AID
+	 * only when creating a new station entry
+	 */
+	if (params->aid)
+		sta->sta.aid = params->aid;
+
+	/*
 	 * FIXME: updating the following information is racy when this
 	 *	  function is called from ieee80211_change_station().
 	 *	  However, all this information should be static so
 	 *	  maybe we should just reject attemps to change it.
 	 */
 
-	if (params->aid) {
-		sta->sta.aid = params->aid;
-		if (sta->sta.aid > IEEE80211_MAX_AID)
-			sta->sta.aid = 0; /* XXX: should this be an error? */
-	}
-
 	if (params->listen_interval >= 0)
 		sta->listen_interval = params->listen_interval;
 
--- wireless-testing.orig/net/wireless/nl80211.c	2009-05-24 16:40:33.000000000 +0200
+++ wireless-testing/net/wireless/nl80211.c	2009-05-24 16:40:42.000000000 +0200
@@ -1738,7 +1738,11 @@ static int nl80211_new_station(struct sk
 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
 	params.listen_interval =
 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
+
 	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
+	if (!params.aid || params.aid > IEEE80211_MAX_AID)
+		return -EINVAL;
+
 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
 		params.ht_capa =
 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);


--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




