Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-14 16:09:24 +01:00
Code Releases Activity

mpdu: Validate reassociation response mpdu subtype

Browse Source 
We do not currently validate the IEs that are following until the end
of the frame
This commit is contained in:
Tomasz Bursztyka 2015-01-21 13:36:44 +02:00 committed by Denis Kenzior
parent efcaefc5dd
commit 142a6a8a0c
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/mpdu.c
View File

@ -124,6 +124,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
case MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST:
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
offset, 15);
case MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE:
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
offset, 9);
case MPDU_MANAGEMENT_SUBTYPE_ATIM:
return validate_atim_mgmt_mpdu(mpdu, len, offset);
case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:

24
src/mpdu.h
View File

@ -32,13 +32,14 @@ enum mpdu_type {
/* 802.11, Table 8-1 "Valid type and subtype combinations" */
enum mpdu_management_subtype {
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST = 0x0,
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE = 0x1,
MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST = 0x2,
MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION = 0xC,
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST = 0x0,
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE = 0x1,
MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST = 0x2,
MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE = 0x3,
MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION = 0xC,
};
/* 802.11, Section 8.4.1.1 Authentication Algorithm Number field */
@ -164,6 +165,14 @@ struct mpdu_reassociation_request {
uint8_t ies[0];
} __attribute__ ((packed));
/* 802.11, Section 8.3.3.8 */
struct mpdu_reassociation_response {
struct mpdu_field_capability capability;
__le16 status_code;
__le16 aid;
uint8_t ies[0];
} __attribute__ ((packed));
/* 802.11, Section 8.3.3.4 */
struct mpdu_disassociation {
__le16 reason_code;
@ -199,6 +208,7 @@ struct mpdu {
struct mpdu_association_request assoc_req;
struct mpdu_association_response assoc_resp;
struct mpdu_reassociation_request reassoc_req;
struct mpdu_reassociation_response reassoc_resp;
struct mpdu_disassociation disassoc;
struct mpdu_authentication auth;
struct mpdu_deauthentication deauth;