diff options
| author | Stefan Sperling <stsp@cvs.openbsd.org> | 2019-03-29 11:05:47 +0000 |
|---|---|---|
| committer | Stefan Sperling <stsp@cvs.openbsd.org> | 2019-03-29 11:05:47 +0000 |
| commit | 2684d12240ea6a5cfc6f6e5c21819d53e6351e6a (patch) | |
| tree | 8cc2058aab38f46dd461f90db226607992e2bd63 /sys | |
| parent | c931def288e91c874c3402ae8bc8025cb18695fc (diff) | |
Use stricter validation checks for A-MPDUs in the net80211 input path.
Don't accept A-MPDUs if not in RUN state, and don't accept them from
unassociated clients in hostap mode.
ok jmatthew@ kevlo@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net80211/ieee80211_input.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c index 24fd9c06896..1c863e788dc 100644 --- a/sys/net80211/ieee80211_input.c +++ b/sys/net80211/ieee80211_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_input.c,v 1.204 2019/03/01 08:09:00 stsp Exp $ */ +/* $OpenBSD: ieee80211_input.c,v 1.205 2019/03/29 11:05:46 stsp Exp $ */ /*- * Copyright (c) 2001 Atsushi Onoe @@ -210,11 +210,29 @@ ieee80211_input(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node *ni, tid = 0; } - if (type == IEEE80211_FC0_TYPE_DATA && hasqos && + if (ic->ic_state == IEEE80211_S_RUN && + type == IEEE80211_FC0_TYPE_DATA && hasqos && (subtype & IEEE80211_FC0_SUBTYPE_NODATA) == 0 && - !(rxi->rxi_flags & IEEE80211_RXI_AMPDU_DONE)) { + !(rxi->rxi_flags & IEEE80211_RXI_AMPDU_DONE) +#ifndef IEEE80211_STA_ONLY + && (ic->ic_opmode == IEEE80211_M_STA || ni != ic->ic_bss) +#endif + ) { int ba_state = ni->ni_rx_ba[tid].ba_state; +#ifndef IEEE80211_STA_ONLY + if (ic->ic_opmode == IEEE80211_M_HOSTAP) { + if (!IEEE80211_ADDR_EQ(wh->i_addr1, + ic->ic_bss->ni_bssid)) { + ic->ic_stats.is_rx_wrongbss++; + goto err; + } + if (ni->ni_state != IEEE80211_S_ASSOC) { + ic->ic_stats.is_rx_notassoc++; + goto err; + } + } +#endif /* * If Block Ack was explicitly requested, check * if we have a BA agreement for this RA/TID. |