NetBSD Problem Report #44506
From root@ibm143.localdomain Wed Feb 2 23:23:39 2011
Return-Path: <root@ibm143.localdomain>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 4FBCB63B873
for <gnats-bugs@gnats.NetBSD.org>; Wed, 2 Feb 2011 23:23:39 +0000 (UTC)
Message-Id: <20110202150737.1441513C476@ibm143.localdomain>
Date: Wed, 2 Feb 2011 15:07:36 +0000 (UTC)
From: james.woo@rioch-usa.com
Reply-To: james.woo@ricoh-usa.com
To: gnats-bugs@gnats.NetBSD.org
Subject: ieee80211_match_bss matches all different SSIDs of the identical length
X-Send-Pr-Version: 3.95
>Number: 44506
>Category: kern
>Synopsis: ieee80211_match_bss matches all different SSIDs of the identical length
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 02 23:25:00 +0000 2011
>Last-Modified: Fri Feb 04 19:40:03 +0000 2011
>Originator: James Woo
>Release: NetBSD 4.0.1
>Organization:
Ricoh Americas
>Environment:
System: NetBSD ibm143 4.0.1 NetBSD 4.0.1 (ibm) #304: Wed Feb 2 13:56:50 UTC 2011 root@ibm143:/usr/src/sys/arch/i386/compile/ibm i386
Architecture: i386
Machine: i386
>Description:
ieee80211_match will match all different SSIDs of the identical length.
Connection is only successful if the target SSID has a higher RSSI than
the other "matching" SSIDs. Otherwise, connection is not possible if the target SSID
has a lower RSSI than the other "matching" SSIDs.
>How-To-Repeat:
Assign different SSIDs of identical length to several APs.
Try to connect to the one with the lowest RSSI. It will fail to connect.
Now connect to the one with the highest RSSI. It will succeed.
>Fix:
net80211/ieee80211_node.c, line 532-534 was
    if (ic->ic_des_esslen != 0 &&
        (ni->ni_esslen != ic->ic_des_esslen ||
         memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0))
should be changed to:
    if (ic->ic_des_esslen != 0) {
        if (ni->ni_esslen == ic->ic_des_esslen) {
            if (memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)
>Audit-Trail:
From: David Laight <david@l8s.co.uk>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/44506: ieee80211_match_bss matches all different SSIDs of the identical length
Date: Thu, 3 Feb 2011 08:15:52 +0000
On Wed, Feb 02, 2011 at 11:25:01PM +0000, james.woo@rioch-usa.com wrote:
> >Number: 44506
> >Category: kern
> >Synopsis: ieee80211_match_bss matches all different SSIDs of the identical length
...
> ieee80211_match will match all different SSIDs of the identical length
> Connection is only successful if the target SSID has a higher RSSI than
> the other "matching" SSIDs. Otherwise, connection is not possible if the target SSID
> has a lower RSSI than the other "matching" SSIDs.
> >How-To-Repeat:
> Assign different SSIDs of identical length to several APs.
> Try to connect to the one with the lowest RSSI. It will fail to connect.
> Now connect to the one with the highest RSSI. It will succeed.
> >Fix:
> net80211/ieee80211_node.c, line 532-534 was
>     if (ic->ic_des_esslen != 0 &&
>         (ni->ni_esslen != ic->ic_des_esslen ||
>          memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0))
> should be changed to:
>     if (ic->ic_des_esslen != 0) {
>         if (ni->ni_esslen == ic->ic_des_esslen) {
>             if (memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)
That change doesn't look right to me.
The line following the condition is: fail |= 0x19;
So the old code sets fail if the length or contents of the ssid don't match.
Your version won't set 'fail' if the lengths differ - but that isn't a match.
David
--
David Laight: david@l8s.co.uk
From: James.Woo@ricoh-usa.com
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org,
kern-bug-people@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: kern/44506: ieee80211_match_bss matches all different SSIDs of the
identical length
Date: Fri, 4 Feb 2011 10:20:25 -0800
Hi David,
Oops. I've missed two lines of code.
    if (ic->ic_des_esslen != 0) {
        if (ni->ni_esslen == ic->ic_des_esslen) {
            if (memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)
                fail |= 0x10;
        } else
            fail |= 0x10;
    }
James
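The three forms of the SSID check discussed in this thread, run side by side over constructed SSIDs (an added example, not code from the report or from NetBSD). Assumptions: plain C strings stand in for the ni_essid and ic_des_essid buffers, the body missing from the first proposal is taken to be the fail assignment, and the ssid_fail helper and variant enum are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define FAIL_SSID 0x10  /* bit used in the follow-up snippet in the thread */
enum variant { ORIGINAL, FIRST_PROPOSAL, FOLLOW_UP };

/* Fail bits each variant sets for one scanned SSID (ni) against the desired
 * SSID (des). C strings replace the kernel's buffer/length pairs (assumption). */
static int ssid_fail(enum variant v, const char *ni_essid, const char *des_essid)
{
    size_t ni_esslen = strlen(ni_essid), des_esslen = strlen(des_essid);
    int fail = 0;
    switch (v) {
    case ORIGINAL:          /* the single condition quoted under "was" */
        if (des_esslen != 0 &&
            (ni_esslen != des_esslen ||
             memcmp(ni_essid, des_essid, des_esslen) != 0))
            fail |= FAIL_SSID;
        break;
    case FIRST_PROPOSAL:    /* nested ifs, no else: length mismatch not flagged */
        if (des_esslen != 0) {
            if (ni_esslen == des_esslen) {
                if (memcmp(ni_essid, des_essid, des_esslen) != 0)
                    fail |= FAIL_SSID;
            }
        }
        break;
    case FOLLOW_UP:         /* nested ifs with the else branch added */
        if (des_esslen != 0) {
            if (ni_esslen == des_esslen) {
                if (memcmp(ni_essid, des_essid, des_esslen) != 0)
                    fail |= FAIL_SSID;
            } else
                fail |= FAIL_SSID;
        }
        break;
    }
    return fail;
}

int main(void)
{
    /* Constructed scan results; the desired SSID is "office-1". */
    const char *seen[] = { "office-1", "office-2", "guest", "office-1-5g" };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        printf("%-12s original=%#x first=%#x follow-up=%#x\n", seen[i],
               ssid_fail(ORIGINAL, seen[i], "office-1"),
               ssid_fail(FIRST_PROPOSAL, seen[i], "office-1"),
               ssid_fail(FOLLOW_UP, seen[i], "office-1"));
    return 0;
}
```

For every input here the follow-up form returns the same bits as the condition quoted under "was"; only the first proposal differs, and only when the lengths differ.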