NetBSD Problem Report #44506

From root@ibm143.localdomain  Wed Feb  2 23:23:39 2011
Return-Path: <root@ibm143.localdomain>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 4FBCB63B873
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  2 Feb 2011 23:23:39 +0000 (UTC)
Message-Id: <20110202150737.1441513C476@ibm143.localdomain>
Date: Wed,  2 Feb 2011 15:07:36 +0000 (UTC)
From: james.woo@rioch-usa.com 
Reply-To: james.woo@ricoh-usa.com 
To: gnats-bugs@gnats.NetBSD.org
Subject: ieee80211_match_bss matches all different SSIDs of the identical length
X-Send-Pr-Version: 3.95

>Number:         44506
>Category:       kern
>Synopsis:       ieee80211_match_bss matches all different SSIDs of the identical length
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 02 23:25:00 +0000 2011
>Last-Modified:  Fri Feb 04 19:40:03 +0000 2011
>Originator:     James Woo
>Release:        NetBSD 4.0.1
>Organization:
	Ricoh Americas
>Environment:
System: NetBSD ibm143 4.0.1 NetBSD 4.0.1 (ibm) #304: Wed Feb 2 13:56:50 UTC 2011 root@ibm143:/usr/src/sys/arch/i386/compile/ibm i386
Architecture: i386
Machine: i386
>Description:
	ieee80211_match will match all different SSIDs of the identical length
	Connection is only successful if the target SSID has a higher RSSI than
	the other "matching" SSIDs. Otherwise, connection is not possible if the target SSID
	has a lower RSSI than the other "matching" SSIDs.
>How-To-Repeat:
	Assign different SSIDs of identical length to several APs.
	Try to connect to the one with the lowest RSSI. It will fail to connect.
	Now connect to the one with the highest RSSI. It will succeed.
>Fix:
	net80211/ieee80211_node.c, line 532-534 was
	if (ic->ic_des_esslen != 0 &&
	    (ni->ni_esslen != ic->ic_des_esslen ||
	     memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0))
	should be changed to:
	if (ic->ic_des_esslen != 0) {
	    if (ni->ni_esslen == ic->ic_des_esslen) {
		if (memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)

>Audit-Trail:
From: David Laight <david@l8s.co.uk>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/44506: ieee80211_match_bss matches all different SSIDs of the identical length
Date: Thu, 3 Feb 2011 08:15:52 +0000

 On Wed, Feb 02, 2011 at 11:25:01PM +0000, james.woo@rioch-usa.com wrote:
 > >Number:         44506
 > >Category:       kern
 > >Synopsis:       ieee80211_match_bss matches all different SSIDs of the identical length
 ...
 > 	ieee80211_match will match all different SSIDs of the identical length
 > 	Connection is only successful if the target SSID has a higher RSSI than
 > 	the other "matching" SSIDs. Otherwise, connection is not possible if the target SSID
 > 	has a lower RSSI than the other "matching" SSIDs.
 > >How-To-Repeat:
 > 	Assign different SSIDs of identical length to several APs.
 > 	Try to connect to the one with the lowest RSSI. It will fail to connect.
 > 	Now connect to the one with the highest RSSI. It will succeed.
 > >Fix:
 > 	net80211/ieee80211_node.c, line 532-534 was
 > 	if (ic->ic_dess_esslen != 0 &&
 > 	    (ni->ni_esslen != ic->ic_des_esslen ||
 > 	     memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0))
 > 	should be change to:
 > 	if (ic->ic_des_esslen != 0) {
 > 	    if (ni->ni_esslen == ic->ic_des_esslen) {
 > 		if (memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_dess_esslen) != 0)

 That change doesn't look right to me.
 The line following the condition is:   fail |= 0x19;
 So the old code sets fail if the length or contents of the ssid don't match.
 Your version won't set 'fail' if the lengths differ - but that isn't a match.

 	David

 -- 
 David Laight: david@l8s.co.uk

From: James.Woo@ricoh-usa.com
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org,
	kern-bug-people@netbsd.org,
	netbsd-bugs@netbsd.org
Subject: Re: kern/44506: ieee80211_match_bss matches all different SSIDs of the
 identical length
Date: Fri, 4 Feb 2011 10:20:25 -0800

 Hi David,

 Oops. I've missed two lines of code.

         if (ic->ic_des_esslen != 0) {
             if (ni->ni_esslen == ic->ic_des_esslen) {
                 if (memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)
                     fail |= 0x10;
             } else
                 fail |= 0x10;
         }

 James
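
Added example (not part of the report, the replies, or the NetBSD source): the three forms of the SSID check discussed in this thread, run over constructed SSIDs so their effect on the 'fail' bit can be compared. C strings stand in for ic_des_essid/ni_essid, and the names ssid_fail and disagreements and the sample SSIDs are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define FAIL_SSID 0x10  /* bit set in the follow-up message's code */
enum variant { ORIGINAL, FIRST_PROPOSAL, FOLLOW_UP };

/* SSID part of 'fail'; C strings stand in for ic_des_essid/ni_essid (assumption). */
static int ssid_fail(enum variant v, const char *des, const char *ni)
{
    size_t des_len = strlen(des), ni_len = strlen(ni);
    int fail = 0;
    if (des_len == 0) return 0;   /* no desired SSID configured: nothing to check */
    switch (v) {
    case ORIGINAL:                /* condition quoted as lines 532-534 */
        if (ni_len != des_len || memcmp(ni, des, des_len) != 0)
            fail |= FAIL_SSID;
        break;
    case FIRST_PROPOSAL:          /* as first posted: no length-mismatch branch */
        if (ni_len == des_len && memcmp(ni, des, des_len) != 0)
            fail |= FAIL_SSID;
        break;
    case FOLLOW_UP:               /* with the else branch from the follow-up */
        if (ni_len == des_len) {
            if (memcmp(ni, des, des_len) != 0)
                fail |= FAIL_SSID;
        } else
            fail |= FAIL_SSID;
        break;
    }
    return fail;
}

/* Counts ordered pairs of constructed SSIDs on which two variants disagree. */
static int disagreements(enum variant a, enum variant b)
{
    static const char *s[] = { "office-a", "office-b", "lab", "office-a-guest" };
    int n = 0;
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++)
            n += ssid_fail(a, s[i], s[j]) != ssid_fail(b, s[i], s[j]);
    return n;
}

int main(void)
{
    printf("%d %d\n", disagreements(ORIGINAL, FOLLOW_UP),
           disagreements(ORIGINAL, FIRST_PROPOSAL));
    return 0;
}
```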




