Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

ft: update action response parsing to include header 

Now the full action frame including the header is provided to ft
which breaks the existing parser since it assumes the buffer starts
at the body of the message.
This commit is contained in:
James Prestwood 2022-09-27 12:47:26 -07:00 committed by Denis Kenzior
parent 8833a7377e
commit 07a9fc6c09
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/ft.c
View File

@ -579,13 +579,18 @@ int ft_over_ds_parse_action_response(const uint8_t *frame, size_t frame_len,
const uint8_t **ies_out,
size_t *ies_len)
{
struct mmpdu_header *hdr = (struct mmpdu_header *)frame;
size_t hdr_len = mmpdu_header_len(hdr);
uint16_t status;
const uint8_t *aa;
const uint8_t *spa;
if (frame_len < 16)
if (frame_len < hdr_len + 16)
return -EINVAL;
frame += hdr_len;
frame_len -= hdr_len;
/* Category FT */
if (frame[0] != 6)
return -EINVAL;
@ -597,6 +602,9 @@ int ft_over_ds_parse_action_response(const uint8_t *frame, size_t frame_len,
spa = frame + 2;
aa = frame + 8;
if (memcmp(spa, hdr->address_1, 6))
return -EINVAL;
status = l_get_le16(frame + 14);
if (status != 0)
return (int)status;