| author | 2012-01-28 12:46:32 +0000 | |
|---|---|---|
| committer | 2012-01-28 12:46:32 +0000 | |
| commit | e7e9c0dc7de5acaba6310e00e15279e5a9ee3f5a (patch) | |
| tree | f6855d485e861b0959f494c429a50f20b89079ed | |
| parent | Fix ar5k_rt_copy() to copy all fields of the HAL_RATE_TABLE struct. (diff) | |
Don't panic when switching an ath interface in hostap mode from 11a to 11b.
The driver forgot to reconfigure the ic_bss' rate table during the switch.
This triggered an assertion in ieee80211_newstate() which is present to
prevent an out-of-bounds array access (11a has more rates than 11b).
Problem reported by ml@extensibl.com; ok mikeb deraadt
| -rw-r--r-- | sys/dev/ic/ath.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/dev/ic/ath.c b/sys/dev/ic/ath.c index d974679e18d..00ef54d51af 100644 --- a/sys/dev/ic/ath.c +++ b/sys/dev/ic/ath.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ath.c,v 1.93 2011/10/14 17:08:10 stsp Exp $ */ +/* $OpenBSD: ath.c,v 1.94 2012/01/28 12:46:32 stsp Exp $ */ /* $NetBSD: ath.c,v 1.37 2004/08/18 21:59:39 dyoung Exp $ */ /*- @@ -713,8 +713,12 @@ ath_init1(struct ath_softc *sc) ni = ic->ic_bss; ni->ni_chan = ic->ic_ibss_chan; mode = ieee80211_chan2mode(ic, ni->ni_chan); - if (mode != sc->sc_curmode) + if (mode != sc->sc_curmode) { ath_setcurmode(sc, mode); + ni->ni_rates.rs_nrates = sc->sc_currates->rateCount; + if (ni->ni_txrate >= ni->ni_rates.rs_nrates) + ni->ni_txrate = 0; + } if (ic->ic_opmode != IEEE80211_M_MONITOR) { ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); } else { |
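Review bot: In the `ath_init1()` hunk, `ni->ni_rates.rs_nrates = sc->sc_currates->rateCount;` updates only the count of the BSS node's rate set, and nothing in the visible lines rewrites the rate entries themselves. After an 11a to 11b switch the remaining entries may therefore still describe the old mode unless another path refreshes them. Either reload the full rate set for the new mode here or add a comment naming where that happens. The same assignment takes `rateCount` from the HAL rate table with no visible check that it fits the rate array inside `ni_rates`; since the commit message says the assertion this fixes exists to prevent an out-of-bounds access, a clamp or assertion beside the assignment would keep that invariant local. A short comment on the `ni_txrate` reset explaining that index 0 is chosen because the old index may exceed the new count would also help later readers.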
