mac80211: add rate control rewrite and enhance the performance of the minstrel algorithm for non-mrr configurations

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12948 3c298f89-4303-0410-b956-a3cf2f4a3e73
2025-04-21 12:27:27 +03:00 · 2008-10-11 01:33:09 +00:00
parent 042b8de61d
commit 090f16f6fb
22 changed files with 7636 additions and 129 deletions
--- a/package/mac80211/patches/415-mac80211-fix-exploit.patch
+++ b/package/mac80211/patches/415-mac80211-fix-exploit.patch
@@ -0,0 +1,77 @@
+Subject: mac80211: fix HT information element parsing
+
+There's no checking that the HT IEs are of the right length
+which can be used by an attacker to cause an out-of-bounds
+access by sending a too short HT information/capability IE.
+Fix it by simply pretending those IEs didn't exist when too
+short.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+---
+ net/mac80211/ieee80211_i.h |    6 ++----
+ net/mac80211/mlme.c        |    3 ---
+ net/mac80211/util.c        |    8 ++++----
+ 3 files changed, 6 insertions(+), 11 deletions(-)
+
+--- everything.orig/net/mac80211/ieee80211_i.h	2008-10-07 20:05:26.000000000 +0200
+++ everything/net/mac80211/ieee80211_i.h	2008-10-07 20:06:45.000000000 +0200
+@@ -816,8 +816,8 @@ struct ieee802_11_elems {
+ 	u8 *ext_supp_rates;
+ 	u8 *wmm_info;
+ 	u8 *wmm_param;
+-	u8 *ht_cap_elem;
+-	u8 *ht_info_elem;
+	struct ieee80211_ht_cap *ht_cap_elem;
+	struct ieee80211_ht_addt_info *ht_info_elem;
+ 	u8 *mesh_config;
+ 	u8 *mesh_id;
+ 	u8 *peer_link;
+@@ -844,8 +844,6 @@ struct ieee802_11_elems {
+ 	u8 ext_supp_rates_len;
+ 	u8 wmm_info_len;
+ 	u8 wmm_param_len;
+-	u8 ht_cap_elem_len;
+-	u8 ht_info_elem_len;
+ 	u8 mesh_config_len;
+ 	u8 mesh_id_len;
+ 	u8 peer_link_len;
+--- everything.orig/net/mac80211/mlme.c	2008-10-07 20:06:44.000000000 +0200
+++ everything/net/mac80211/mlme.c	2008-10-07 20:06:45.000000000 +0200
+@@ -1349,10 +1349,8 @@ static void ieee80211_rx_mgmt_assoc_resp
+ 	    (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
+ 		struct ieee80211_ht_bss_info bss_info;
+ 		ieee80211_ht_cap_ie_to_ht_info(
+-				(struct ieee80211_ht_cap *)
+ 				elems.ht_cap_elem, &sta->sta.ht_info);
+ 		ieee80211_ht_addt_info_ie_to_ht_bss_info(
+-				(struct ieee80211_ht_addt_info *)
+ 				elems.ht_info_elem, &bss_info);
+ 		ieee80211_handle_ht(local, 1, &sta->sta.ht_info, &bss_info);
+ 	}
+@@ -1715,7 +1713,6 @@ static void ieee80211_rx_mgmt_beacon(str
+ 		struct ieee80211_ht_bss_info bss_info;
+ 
+ 		ieee80211_ht_addt_info_ie_to_ht_bss_info(
+-				(struct ieee80211_ht_addt_info *)
+ 				elems.ht_info_elem, &bss_info);
+ 		changed |= ieee80211_handle_ht(local, 1, &conf->ht_conf,
+ 					       &bss_info);
+--- everything.orig/net/mac80211/util.c	2008-10-07 20:06:43.000000000 +0200
+++ everything/net/mac80211/util.c	2008-10-07 20:06:45.000000000 +0200
+@@ -529,12 +529,12 @@ void ieee802_11_parse_elems(u8 *start, s
+ 			elems->ext_supp_rates_len = elen;
+ 			break;
+ 		case WLAN_EID_HT_CAPABILITY:
+-			elems->ht_cap_elem = pos;
+-			elems->ht_cap_elem_len = elen;
+			if (elen >= sizeof(struct ieee80211_ht_cap))
+				elems->ht_cap_elem = (void *)pos;
+ 			break;
+ 		case WLAN_EID_HT_EXTRA_INFO:
+-			elems->ht_info_elem = pos;
+-			elems->ht_info_elem_len = elen;
+			if (elen >= sizeof(struct ieee80211_ht_addt_info))
+				elems->ht_info_elem = (void *)pos;
+ 			break;
+ 		case WLAN_EID_MESH_ID:
+ 			elems->mesh_id = pos;