mpdu: Refactor Authentication frame validation
Validate the IE order for some of the cases. For other cases, as with the Disassociation, Deauthentication and Action frame types in section 9.3, it's not even clear from the spec that the fields are expected to be IEs (in fact, for Action frames we know they aren't). For the Shared Key authentication type, drop the union with the contents, as they can be parsed more easily as an IE sequence. For SAE we are apparently not expecting an IE sequence, so this is where the union could come in useful, but let's leave that until we want to support SAE.
parent
3f61a88ed5
commit
6418a23fd5
45
src/mpdu.c
45
src/mpdu.c
@ -578,12 +578,37 @@ static bool validate_authentication_mmpdu(const struct mmpdu_header *mpdu,
|
||||
{
|
||||
uint16_t transaction_sequence;
|
||||
const struct mmpdu_authentication *body = (const void *) mpdu + *offset;
|
||||
static const enum ie_type ie_order_shared_key[] = {
|
||||
IE_TYPE_CHALLENGE_TEXT,
|
||||
IE_TYPE_MULTIBAND,
|
||||
IE_TYPE_VENDOR_SPECIFIC,
|
||||
};
|
||||
static const enum ie_type ie_order_ft[] = {
|
||||
IE_TYPE_RSN,
|
||||
IE_TYPE_MOBILITY_DOMAIN,
|
||||
IE_TYPE_FAST_BSS_TRANSITION,
|
||||
IE_TYPE_TIMEOUT_INTERVAL,
|
||||
IE_TYPE_RIC_DATA,
|
||||
IE_TYPE_FAST_BSS_TRANSITION,
|
||||
IE_TYPE_MULTIBAND,
|
||||
IE_TYPE_VENDOR_SPECIFIC,
|
||||
};
|
||||
static const enum ie_type ie_order_error[] = {
|
||||
IE_TYPE_NEIGHBOR_REPORT,
|
||||
IE_TYPE_VENDOR_SPECIFIC,
|
||||
};
|
||||
|
||||
if (len < *offset + 6)
|
||||
return false;
|
||||
|
||||
*offset += 6;
|
||||
|
||||
if (L_LE16_TO_CPU(L_LE16_TO_CPU(body->status)) != 0)
|
||||
return validate_mgmt_ies(body->ies, len - *offset,
|
||||
ie_order_error,
|
||||
L_ARRAY_SIZE(ie_order_error),
|
||||
false);
|
||||
|
||||
switch (L_LE16_TO_CPU(body->algorithm)) {
|
||||
case MMPDU_AUTH_ALGO_OPEN_SYSTEM:
|
||||
return *offset <= len;
|
||||
@ -592,17 +617,17 @@ static bool validate_authentication_mmpdu(const struct mmpdu_header *mpdu,
|
||||
L_LE16_TO_CPU(body->transaction_sequence);
|
||||
|
||||
if (transaction_sequence < 2 || transaction_sequence > 3)
|
||||
return *offset == len;
|
||||
return *offset <= len;
|
||||
|
||||
if (len < *offset + 2)
|
||||
return false;
|
||||
|
||||
*offset += 2;
|
||||
|
||||
if (body->shared_key_23.element_id != IE_TYPE_CHALLENGE_TEXT)
|
||||
return false;
|
||||
|
||||
*offset += body->shared_key_23.challenge_text_len;
|
||||
return validate_mgmt_ies(body->ies, len - *offset,
|
||||
ie_order_shared_key,
|
||||
L_ARRAY_SIZE(ie_order_shared_key),
|
||||
false);
|
||||
case MMPDU_AUTH_ALGO_FT:
|
||||
return validate_mgmt_ies(body->ies, len - *offset, ie_order_ft,
|
||||
L_ARRAY_SIZE(ie_order_ft),
|
||||
false);
|
||||
case MMPDU_AUTH_ALGO_SAE:
|
||||
return *offset <= len;
|
||||
default:
|
||||
return false;
|
||||
|
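Review bot: The status check `if (L_LE16_TO_CPU(L_LE16_TO_CPU(body->status)) != 0)` converts the field twice; the comparison against zero still gives the right answer, but on a big-endian host the two swaps cancel and the expression is the raw wire value, so it should read `if (L_LE16_TO_CPU(body->status) != 0)`. Separately, `return *offset <= len;` in the Open System and SAE cases appears to be always true once the earlier `len < *offset + 6` check has passed, so whatever follows the fixed fields of this over-the-air frame is accepted without validation. A comment such as `/* body after the fixed fields is not validated here; consumers must bounds-check it */` would make that explicit for later SAE work. The function's signature and closing brace lie outside the visible hunks.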
10
src/mpdu.h
10
src/mpdu.h
@ -284,15 +284,7 @@ struct mmpdu_authentication {
|
||||
__le16 algorithm;
|
||||
__le16 transaction_sequence;
|
||||
__le16 status;
|
||||
|
||||
union {
|
||||
struct {
|
||||
uint8_t element_id;
|
||||
uint8_t challenge_text_len;
|
||||
unsigned char challenge_text[253];
|
||||
} __attribute__ ((packed)) shared_key_23;
|
||||
};
|
||||
/* ToDo: FT and SAE parts? */
|
||||
uint8_t ies[];
|
||||
} __attribute__ ((packed));
|
||||
|
||||
/* 802.11, Section 8.3.3.12 */
|
||||
|
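Review bot: The member `uint8_t ies[];` is undocumented, and its name suggests that everything after the three fixed fields is an IE sequence. The commit message says this is not expected to hold for SAE, so code that walks `ies` as IEs on an SAE frame would presumably misparse attacker-supplied bytes. A comment on the member would help, for example `/* IE sequence for Shared Key, FT and non-zero status; not IE-formatted for SAE */`, with the per-algorithm wording confirmed against the validator in src/mpdu.c.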