Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Jul 2005 20:00:37 GMT
From:      Sam Leffler <sam@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 80697 for review
Message-ID:  <200507212000.j6LK0bR0013467@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://perforce.freebsd.org/chv.cgi?CH=80697

Change 80697 by sam@sam_ebb on 2005/07/21 20:00:07

	correct handling for assoc req w/ wpa/rsn ie when wpa is
	not enabled; was previously ignoring the ie (wpa) or assert
	failing (rsn), now we reject the assoc request
	Obtained from:	Atheros

Affected files ...

.. //depot/projects/wifi/sys/net80211/ieee80211_input.c#54 edit

Differences ...

==== //depot/projects/wifi/sys/net80211/ieee80211_input.c#54 (text+ko) ====

@@ -1507,8 +1507,12 @@
 	 * version, mcast cipher, and 2 selector counts.
 	 * Other, variable-length data, must be checked separately.
 	 */
-	KASSERT(ic->ic_flags & IEEE80211_F_WPA1,
-		("not WPA, flags 0x%x", ic->ic_flags));
+	if ((ic->ic_flags & IEEE80211_F_WPA1) == 0) {
+		IEEE80211_DISCARD_IE(ic,
+		    IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA,
+		    wh, "WPA", "not WPA, flags 0x%x", ic->ic_flags);
+		return IEEE80211_REASON_IE_INVALID;
+	}
 	if (len < 14) {
 		IEEE80211_DISCARD_IE(ic,
 		    IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA,
@@ -1670,8 +1674,12 @@
 	 * version, mcast cipher, and 2 selector counts.
 	 * Other, variable-length data, must be checked separately.
 	 */
-	KASSERT(ic->ic_flags & IEEE80211_F_WPA2,
-		("not RSN, flags 0x%x", ic->ic_flags));
+	if ((ic->ic_flags & IEEE80211_F_WPA2) == 0) {
+		IEEE80211_DISCARD_IE(ic,
+		    IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA,
+		    wh, "WPA", "not RSN, flags 0x%x", ic->ic_flags);
+		return IEEE80211_REASON_IE_INVALID;
+	}
 	if (len < 10) {
 		IEEE80211_DISCARD_IE(ic,
 		    IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA,
@@ -2367,10 +2375,9 @@
 				wpa = frm;
 				break;
 			case IEEE80211_ELEMID_VENDOR:
-				if (iswpaoui(frm)) {
-					if (ic->ic_flags & IEEE80211_F_WPA1)
-						wpa = frm;
-				} else if (iswmeinfo(frm))
+				if (iswpaoui(frm))
+					wpa = frm;
+				else if (iswmeinfo(frm))
 					wme = frm;
 				else if (isatherosoui(frm))
 					ath = frm;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507212000.j6LK0bR0013467>