Page MenuHomeFreeBSD
Differential D4818

net80211: fix ieee80211_init_channels() usage
ClosedPublic
Actions

Authored by avos on Jan 7 2016, 3:25 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 20, 12:10 AM
Unknown Object (File)
Tue, Nov 19, 11:45 AM
Unknown Object (File)
Mon, Oct 28, 7:58 PM
Unknown Object (File)
Thu, Oct 24, 11:24 PM
Unknown Object (File)
Thu, Oct 24, 11:24 PM
Unknown Object (File)
Thu, Oct 24, 11:24 PM
Unknown Object (File)
Thu, Oct 24, 11:24 PM
Unknown Object (File)
Thu, Oct 24, 11:24 PM
View All 98 Files
Subscribers
imp

Details

Reviewers
adrian
Commits
rS293339: net80211 drivers: fix ieee80211_init_channels() usage
Summary

Fix out-of-bounds read (all) / write (11n capable) for drivers that are using ieee80211_init_channels() to initialize channel list.

MFC after: 2 weeks.

Test Plan

Tested with

  • RTL8188EU, STA mode.
  • RTL8188CUS, STA mode.
  • WUSB54GC, HOSTAP mode.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

avos updated this revision to Diff 12002.Jan 7 2016, 3:25 PM
avos retitled this revision from to net80211: fix ieee80211_init_channels() usage.
avos updated this object.
avos edited the test plan for this revision. (Show Details)
avos added a reviewer: adrian.
avos set the repository for this revision to rS FreeBSD src repository - subversion.
Herald added a subscriber: imp. · View Herald TranscriptJan 7 2016, 3:25 PM
avos updated this revision to Diff 12003.Jan 7 2016, 3:39 PM

Add rtwn(4)

adrian edited edge metadata.Jan 7 2016, 4:37 PM

Overall this is a good catch. I'm happy to see this merged in this in once the ndis comment is address.

I kinda wonder if we should just create a 'bands' typedef for net80211 to hide this problem in the future.

sys/dev/if_ndis/if_ndis.c
763 ↗(On Diff #12003)

This won't work if bits[1] is non-zero, etc. Modify the iterator above to set some flag to 1 if a mode was set, and check if the flag is 0 here.

avos updated this revision to Diff 12009.Jan 7 2016, 5:06 PM
avos edited edge metadata.

Use more proper check for ndis(4).

avos marked an inline comment as done.Jan 7 2016, 5:06 PM
adrian accepted this revision.Jan 7 2016, 6:15 PM
adrian edited edge metadata.

all good, let's do it! thanks!

This revision is now accepted and ready to land.Jan 7 2016, 6:15 PM
Closed by commit rS293339: net80211 drivers: fix ieee80211_init_channels() usage (authored by avos). · Explain WhyJan 7 2016, 6:41 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
dev/
bwi/
12 lines
if_ndis/
13 lines
iwi/
14 lines
malo/
10 lines
otus/
14 lines
ral/
12 lines
12 lines
12 lines
rtwn/
10 lines
usb/
wlan/
13 lines
13 lines
13 lines
13 lines
11 lines
13 lines
11 lines
10 lines
11 lines

Diff 12016

View Options

head/sys/dev/bwi/if_bwi.c

Loading...
View Options

head/sys/dev/if_ndis/if_ndis.c

Loading...
View Options

head/sys/dev/iwi/if_iwi.c

Loading...
View Options

head/sys/dev/malo/if_malo.c

Loading...
View Options

head/sys/dev/otus/if_otus.c

Loading...
View Options

head/sys/dev/ral/rt2560.c

Loading...
View Options

head/sys/dev/ral/rt2661.c

Loading...
View Options

head/sys/dev/ral/rt2860.c

Loading...
View Options

head/sys/dev/rtwn/if_rtwn.c

Loading...
View Options

head/sys/dev/usb/wlan/if_rsu.c

Loading...
View Options

head/sys/dev/usb/wlan/if_rum.c

Loading...
View Options

head/sys/dev/usb/wlan/if_run.c

Loading...
View Options

head/sys/dev/usb/wlan/if_uath.c

Loading...
View Options

head/sys/dev/usb/wlan/if_upgt.c

Loading...
View Options

head/sys/dev/usb/wlan/if_ural.c

Loading...
View Options

head/sys/dev/usb/wlan/if_urtw.c

Loading...
View Options

head/sys/dev/usb/wlan/if_urtwn.c

Loading...
View Options

head/sys/dev/usb/wlan/if_zyd.c

Loading...