Fix out-of-bounds read (all) / write (11n capable) for drivers that are using ieee80211_init_channels() to initialize channel list.
MFC after: 2 weeks.
Details
Details
- Reviewers
adrian - Commits
- rS293339: net80211 drivers: fix ieee80211_init_channels() usage
Tested with
- RTL8188EU, STA mode.
- RTL8188CUS, STA mode.
- WUSB54GC, HOSTAP mode.
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
Overall this is a good catch. I'm happy to see this merged in this in once the ndis comment is address.
I kinda wonder if we should just create a 'bands' typedef for net80211 to hide this problem in the future.
| sys/dev/if_ndis/if_ndis.c | ||
|---|---|---|
| 763 ↗ | (On Diff #12003) | This won't work if bits[1] is non-zero, etc. Modify the iterator above to set some flag to 1 if a mode was set, and check if the flag is 0 here. |