Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

mpdu: Validate beacon mpdu subtype 

We do not currently validate the IEs that are following until the end
of the frame
This commit is contained in:
Tomasz Bursztyka 2015-01-21 13:36:48 +02:00 committed by Denis Kenzior
parent 9ce1745ede
commit 3d5fe2fddd
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/mpdu.c
View File

@ -136,6 +136,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
case MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT: case MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT:
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len, return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
offset, 3); offset, 3);
case MPDU_MANAGEMENT_SUBTYPE_BEACON:
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
offset, 5);
case MPDU_MANAGEMENT_SUBTYPE_ATIM: case MPDU_MANAGEMENT_SUBTYPE_ATIM:
return validate_atim_mgmt_mpdu(mpdu, len, offset); return validate_atim_mgmt_mpdu(mpdu, len, offset);
case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION: case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:

10
src/mpdu.h
View File

@ -39,6 +39,7 @@ enum mpdu_management_subtype {
MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST = 0x4, MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST = 0x4,
MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE = 0x5, MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE = 0x5,
MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT = 0x6, MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT = 0x6,
MPDU_MANAGEMENT_SUBTYPE_BEACON = 0x8,
MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9, MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA, MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB, MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
@ -202,6 +203,14 @@ struct mpdu_timing_advertisement {
uint8_t ies[0]; uint8_t ies[0];
} __attribute__ ((packed)); } __attribute__ ((packed));
/* 802.11, Section 8.3.3.2 */
struct mpdu_beacon {
uint8_t timestamp;
__le16 beacon_interval;
struct mpdu_field_capability capability;
uint8_t ies[0];
} __attribute__ ((packed));
/* 802.11, Section 8.3.3.11 */ /* 802.11, Section 8.3.3.11 */
struct mpdu_authentication { struct mpdu_authentication {
__le16 algorithm; __le16 algorithm;
@ -235,6 +244,7 @@ struct mpdu {
struct mpdu_probe_request probe_req; struct mpdu_probe_request probe_req;
struct mpdu_probe_response probe_resp; struct mpdu_probe_response probe_resp;
struct mpdu_timing_advertisement time_advert; struct mpdu_timing_advertisement time_advert;
struct mpdu_beacon beacon;
struct mpdu_disassociation disassoc; struct mpdu_disassociation disassoc;
struct mpdu_authentication auth; struct mpdu_authentication auth;
struct mpdu_deauthentication deauth; struct mpdu_deauthentication deauth;