2014-12-12 11:17:43 +01:00
|
|
|
/*
|
|
|
|
*
|
|
|
|
* Wireless daemon for Linux
|
|
|
|
*
|
|
|
|
* Copyright (C) 2014 Intel Corporation. All rights reserved.
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include <config.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <ell/ell.h>
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
#include "ie.h"
|
2014-12-12 11:17:43 +01:00
|
|
|
#include "mpdu.h"
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
static bool validate_mgmt_header(const struct mpdu *mpdu, int len, int *offset)
|
2014-12-17 23:22:06 +01:00
|
|
|
{
|
2014-12-18 00:44:44 +01:00
|
|
|
/* Duration + Address1 + Address 2 + Address 3 + SeqCntrl */
|
|
|
|
if (len < *offset + 22)
|
2014-12-12 11:17:43 +01:00
|
|
|
return false;
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
*offset += 22;
|
2014-12-12 11:17:43 +01:00
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
if (!mpdu->fc.order)
|
|
|
|
return true;
|
2014-12-12 11:17:43 +01:00
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
if (len < *offset + 4)
|
2014-12-12 11:17:43 +01:00
|
|
|
return false;
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
*offset += 4;
|
2014-12-12 11:17:43 +01:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2015-01-21 12:36:41 +01:00
|
|
|
static bool validate_on_ies_start_position_mgmt_mpdu(const struct mpdu *mpdu,
|
|
|
|
int len, int *offset,
|
|
|
|
int position)
|
|
|
|
{
|
|
|
|
return *offset + position < len;
|
|
|
|
}
|
|
|
|
|
2015-01-21 12:36:39 +01:00
|
|
|
static bool validate_atim_mgmt_mpdu(const struct mpdu *mpdu,
|
|
|
|
int len, int *offset)
|
|
|
|
{
|
|
|
|
return *offset == len;
|
|
|
|
}
|
|
|
|
|
2015-01-21 12:36:40 +01:00
|
|
|
static bool validate_disassociation_mgmt_mpdu(const struct mpdu *mpdu,
|
|
|
|
int len, int *offset)
|
|
|
|
{
|
|
|
|
*offset += 2;
|
|
|
|
return *offset <= len;
|
|
|
|
}
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
static bool validate_authentication_mgmt_mpdu(const struct mpdu *mpdu,
|
|
|
|
int len, int *offset)
|
2014-12-12 11:17:43 +01:00
|
|
|
{
|
2014-12-18 00:44:44 +01:00
|
|
|
if (len < *offset + 6)
|
2014-12-12 11:17:43 +01:00
|
|
|
return false;
|
|
|
|
|
2015-01-21 21:24:24 +01:00
|
|
|
*offset += 6;
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
switch (mpdu->auth.algorithm) {
|
|
|
|
case MPDU_AUTH_ALGO_OPEN_SYSTEM:
|
|
|
|
return *offset <= len;
|
|
|
|
case MPDU_AUTH_ALGO_SHARED_KEY:
|
|
|
|
if (mpdu->auth.transaction_sequence < 2 ||
|
|
|
|
mpdu->auth.transaction_sequence > 3)
|
|
|
|
return *offset == len;
|
2014-12-12 11:17:43 +01:00
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
if (len < *offset + 2)
|
|
|
|
return false;
|
2014-12-12 11:17:43 +01:00
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
*offset += 2;
|
2014-12-12 11:17:43 +01:00
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
if (mpdu->auth.shared_key_23.element_id !=
|
|
|
|
IE_TYPE_CHALLENGE_TEXT)
|
2014-12-12 11:17:43 +01:00
|
|
|
return false;
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
*offset += mpdu->auth.shared_key_23.challenge_text_len;
|
|
|
|
return *offset <= len;
|
|
|
|
default:
|
|
|
|
return false;
|
2014-12-12 11:17:43 +01:00
|
|
|
}
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
return false;
|
2014-12-12 11:17:43 +01:00
|
|
|
}
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
static bool validate_deauthentication_mgmt_mpdu(const struct mpdu *mpdu,
|
|
|
|
int len, int *offset)
|
2014-12-12 11:17:43 +01:00
|
|
|
{
|
2014-12-18 00:44:44 +01:00
|
|
|
*offset += 2;
|
|
|
|
return *offset <= len;
|
2014-12-12 11:17:43 +01:00
|
|
|
}
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
|
2014-12-12 11:17:43 +01:00
|
|
|
{
|
2014-12-18 00:44:44 +01:00
|
|
|
if (!validate_mgmt_header(mpdu, len, offset))
|
2014-12-12 11:17:43 +01:00
|
|
|
return false;
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
switch (mpdu->fc.subtype) {
|
2015-01-21 12:36:41 +01:00
|
|
|
case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST:
|
|
|
|
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
|
|
|
|
offset, 9);
|
2015-01-21 12:36:42 +01:00
|
|
|
case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE:
|
|
|
|
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
|
|
|
|
offset, 9);
|
2015-01-21 12:36:39 +01:00
|
|
|
case MPDU_MANAGEMENT_SUBTYPE_ATIM:
|
|
|
|
return validate_atim_mgmt_mpdu(mpdu, len, offset);
|
2015-01-21 12:36:40 +01:00
|
|
|
case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
|
|
|
|
return validate_disassociation_mgmt_mpdu(mpdu, len, offset);
|
2014-12-17 23:22:06 +01:00
|
|
|
case MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION:
|
2014-12-18 00:44:44 +01:00
|
|
|
return validate_authentication_mgmt_mpdu(mpdu, len, offset);
|
2014-12-17 23:22:06 +01:00
|
|
|
case MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION:
|
2014-12-18 00:44:44 +01:00
|
|
|
return validate_deauthentication_mgmt_mpdu(mpdu, len, offset);
|
2014-12-12 11:17:43 +01:00
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
bool mpdu_validate(const unsigned char *frame, int len)
|
2014-12-12 11:17:43 +01:00
|
|
|
{
|
2014-12-18 00:44:44 +01:00
|
|
|
struct mpdu *mpdu;
|
2014-12-17 23:22:06 +01:00
|
|
|
int offset;
|
2014-12-12 11:17:43 +01:00
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
if (!frame)
|
2014-12-12 11:17:43 +01:00
|
|
|
return false;
|
|
|
|
|
2014-12-17 23:22:06 +01:00
|
|
|
if (len < 2)
|
2014-12-12 11:17:43 +01:00
|
|
|
return false;
|
|
|
|
|
2014-12-17 23:22:06 +01:00
|
|
|
offset = 2;
|
2014-12-18 00:44:44 +01:00
|
|
|
mpdu = (struct mpdu *) frame;
|
2014-12-17 23:22:06 +01:00
|
|
|
|
2014-12-18 00:44:44 +01:00
|
|
|
switch (mpdu->fc.type) {
|
2014-12-12 11:17:43 +01:00
|
|
|
case MPDU_TYPE_MANAGEMENT:
|
2014-12-18 00:44:44 +01:00
|
|
|
return validate_mgmt_mpdu(mpdu, len, &offset);
|
2014-12-12 11:17:43 +01:00
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|