[v3,04/22] nl80211: correctly validate S1G beacon head

Message ID	20200908190323.15814-5-thomas@adapt-ip.com
State	Superseded
Headers	show Return-Path: <SRS0=ylPz=CR=vger.kernel.org=linux-wireless-owner@kernel.org> sender: thomas@adapt-ip.com) by web.adapt-ip.com (Postfix) with ESMTPSA id 4C7A24F9AF5; Tue, 8 Sep 2020 19:03:21 +0000 (UTC) From: Thomas Pedersen <thomas@adapt-ip.com> To: Johannes Berg <johannes@sipsolutions.net> Cc: linux-wireless <linux-wireless@vger.kernel.org>, Thomas Pedersen <thomas@adapt-ip.com> Subject: [PATCH v3 04/22] nl80211: correctly validate S1G beacon head Date: Tue, 8 Sep 2020 12:03:05 -0700 Message-Id: <20200908190323.15814-5-thomas@adapt-ip.com> In-Reply-To: <20200908190323.15814-1-thomas@adapt-ip.com> References: <20200908190323.15814-1-thomas@adapt-ip.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk
Series	add support for S1G association \| expand [v3,00/22] add support for S1G association [v3,04/22] nl80211: correctly validate S1G beacon head [v3,05/22] nl80211: support setting S1G channels [v3,09/22] mac80211: support S1G STA capabilities [v3,11/22] cfg80211: parse S1G Operation element for BSS channel [v3,12/22] mac80211: convert S1G beacon to scan results [v3,14/22] mac80211: encode listen interval for S1G [v3,16/22] mac80211: handle S1G low rates [v3,17/22] mac80211: avoid rate init for S1G band [v3,18/22] mac80211: receive and process S1G beacons [v3,20/22] nl80211: include frequency offset in survey info

Message ID

20200908190323.15814-5-thomas@adapt-ip.com

State

Superseded

Headers

From: Thomas Pedersen <thomas@adapt-ip.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless <linux-wireless@vger.kernel.org>,
	Thomas Pedersen <thomas@adapt-ip.com>
Subject: [PATCH v3 04/22] nl80211: correctly validate S1G beacon head
Date: Tue,  8 Sep 2020 12:03:05 -0700
Message-Id: <20200908190323.15814-5-thomas@adapt-ip.com>
In-Reply-To: <20200908190323.15814-1-thomas@adapt-ip.com>
References: <20200908190323.15814-1-thomas@adapt-ip.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk

Series

add support for S1G association | expand

Commit Message

Thomas Pedersen Sept. 8, 2020, 7:03 p.m. UTC

The S1G beacon has a different header size than regular
beacons, so adjust the beacon head validator.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
---
 net/wireless/nl80211.c | 16 +++++++++++++---
 net/wireless/util.c    |  5 +++++
 2 files changed, 18 insertions(+), 3 deletions(-)

Comments

Johannes Berg Sept. 18, 2020, 10:56 a.m. UTC | #1

On Tue, 2020-09-08 at 12:03 -0700, Thomas Pedersen wrote:
> The S1G beacon has a different header size than regular
> beacons, so adjust the beacon head validator.

I've applied this already and will keep it, but you later add short
beacons - don't they need further adjustments here too?

johannes

Thomas Pedersen Sept. 18, 2020, 5:45 p.m. UTC | #2

On 2020-09-18 03:56, Johannes Berg wrote:
> On Tue, 2020-09-08 at 12:03 -0700, Thomas Pedersen wrote:
>> The S1G beacon has a different header size than regular
>> beacons, so adjust the beacon head validator.
> 
> I've applied this already and will keep it, but you later add short
> beacons - don't they need further adjustments here too?

Yes, but I was planning on doing that in the (yet to be submitted) "add 
S1G
short beacon support" patch.

Johannes Berg Sept. 18, 2020, 5:47 p.m. UTC | #3

On Fri, 2020-09-18 at 10:45 -0700, Thomas Pedersen wrote:
> On 2020-09-18 03:56, Johannes Berg wrote:

> > On Tue, 2020-09-08 at 12:03 -0700, Thomas Pedersen wrote:

> > > The S1G beacon has a different header size than regular

> > > beacons, so adjust the beacon head validator.

> > 

> > I've applied this already and will keep it, but you later add short

> > beacons - don't they need further adjustments here too?

> 

> Yes, but I was planning on doing that in the (yet to be submitted) "add 

> S1G short beacon support" patch.


OK, fair enough, was just wondering :)

johannes

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e408624018d5..8cf50bfedb01 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -209,14 +209,24 @@  static int validate_beacon_head(const struct nlattr *attr,
 	unsigned int len = nla_len(attr);
 	const struct element *elem;
 	const struct ieee80211_mgmt *mgmt = (void *)data;
-	unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
-					 u.beacon.variable);
+	bool s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
+	unsigned int fixedlen, hdrlen;
+
+	if (s1g_bcn) {
+		fixedlen = offsetof(struct ieee80211_ext,
+				    u.s1g_beacon.variable);
+		hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
+	} else {
+		fixedlen = offsetof(struct ieee80211_mgmt,
+				    u.beacon.variable);
+		hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
+	}
 
 	if (len < fixedlen)
 		goto err;
 
 	if (ieee80211_hdrlen(mgmt->frame_control) !=
-	    offsetof(struct ieee80211_mgmt, u.beacon))
+	    hdrlen)
 		goto err;
 
 	data += fixedlen;
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 7c5d5365a5eb..11822cd05a9f 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -397,6 +397,11 @@  unsigned int __attribute_const__ ieee80211_hdrlen(__le16 fc)
 {
 	unsigned int hdrlen = 24;
 
+	if (ieee80211_is_ext(fc)) {
+		hdrlen = 4;
+		goto out;
+	}
+
 	if (ieee80211_is_data(fc)) {
 		if (ieee80211_has_a4(fc))
 			hdrlen = 30;

[v3,04/22] nl80211: correctly validate S1G beacon head

Commit Message

Comments

Patch