svn commit: r267066 - head/sys/dev/usb/wlan

Wed, 04 Jun 2014 09:59:25 -0700 

Author: hselasky
Date: Wed Jun  4 16:58:35 2014
New Revision: 267066
URL: http://svnweb.freebsd.org/changeset/base/267066

Log:
  More RSU fixes:
  - Properly align temporary buffer to 32-bit.
  - Add an extra parenthesis to make expression clear.
  - Range check the association ID received from hardware.
  
  MFC after:    1 week

Modified:
  head/sys/dev/usb/wlan/if_rsu.c

Modified: head/sys/dev/usb/wlan/if_rsu.c
==============================================================================
--- head/sys/dev/usb/wlan/if_rsu.c      Wed Jun  4 16:57:05 2014        
(r267065)
+++ head/sys/dev/usb/wlan/if_rsu.c      Wed Jun  4 16:58:35 2014        
(r267066)
@@ -1057,7 +1057,8 @@ rsu_join_bss(struct rsu_softc *sc, struc
        struct ndis_wlan_bssid_ex *bss;
        struct ndis_802_11_fixed_ies *fixed;
        struct r92s_fw_cmd_auth auth;
-       uint8_t buf[sizeof(*bss) + 128], *frm;
+       uint8_t buf[sizeof(*bss) + 128] __aligned(4);
+       uint8_t *frm;
        uint8_t opmode;
        int error;
 
@@ -1071,7 +1072,7 @@ rsu_join_bss(struct rsu_softc *sc, struc
        memset(&auth, 0, sizeof(auth));
        if (vap->iv_flags & IEEE80211_F_WPA) {
                auth.mode = R92S_AUTHMODE_WPA;
-               auth.dot1x = ni->ni_authmode == IEEE80211_AUTH_8021X;
+               auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X);
        } else
                auth.mode = R92S_AUTHMODE_OPEN;
        DPRINTF("setting auth mode to %d\n", auth.mode);
@@ -1192,6 +1193,7 @@ rsu_event_join_bss(struct rsu_softc *sc,
        struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
        struct ieee80211_node *ni = vap->iv_bss;
        struct r92s_event_join_bss *rsp;
+       uint32_t tmp;
        int res;
 
        if (__predict_false(len < sizeof(*rsp)))
@@ -1206,9 +1208,14 @@ rsu_event_join_bss(struct rsu_softc *sc,
                RSU_LOCK(sc);
                return;
        }
+       tmp = le32toh(rsp->associd);
+       if (tmp >= vap->iv_max_aid) {
+               DPRINTF("Assoc ID overflow\n");
+               tmp = 1;
+       }
        DPRINTF("associated with %s associd=%d\n",
-           ether_sprintf(rsp->bss.macaddr), le32toh(rsp->associd));
-       ni->ni_associd = le32toh(rsp->associd) | 0xc000;
+           ether_sprintf(rsp->bss.macaddr), tmp);
+       ni->ni_associd = tmp | 0xc000;
        RSU_UNLOCK(sc);
        ieee80211_new_state(vap, IEEE80211_S_RUN,
            IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to