From 8078f18c350fd4c53961779f2ff75775b9fa3eb3 Mon Sep 17 00:00:00 2001
From: Tomasz Bursztyka
Date: Wed, 21 Jan 2015 13:36:46 +0200
Subject: [PATCH] mpdu: Validate probe response mpdu subtype

We do not currently validate the IEs that are following until the end of the frame
---
 src/mpdu.c |  3 +++
 src/mpdu.h | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/src/mpdu.c b/src/mpdu.c
index a4069437..cf8d944e 100644
--- a/src/mpdu.c
+++ b/src/mpdu.c
@@ -130,6 +130,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
 	case MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST:
 		return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
 								offset, 0);
+	case MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE:
+		return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
+								offset, 5);
 	case MPDU_MANAGEMENT_SUBTYPE_ATIM:
 		return validate_atim_mgmt_mpdu(mpdu, len, offset);
 	case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
diff --git a/src/mpdu.h b/src/mpdu.h
index cd71cfd0..a06dc877 100644
--- a/src/mpdu.h
+++ b/src/mpdu.h
@@ -37,6 +37,7 @@ enum mpdu_management_subtype {
 	MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST = 0x2,
 	MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE = 0x3,
 	MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST = 0x4,
+	MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE = 0x5,
 	MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
 	MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
 	MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
@@ -185,6 +186,14 @@ struct mpdu_probe_request {
 	uint8_t ies[0];
 } __attribute__ ((packed));
 
+/* 802.11, Section 8.3.3.10 */
+struct mpdu_probe_response {
+	uint8_t timestamp;
+	__le16 beacon_interval;
+	struct mpdu_field_capability capability;
+	uint8_t ies[0];
+} __attribute__ ((packed));
+
 /* 802.11, Section 8.3.3.11 */
 struct mpdu_authentication {
 	__le16 algorithm;
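Review bot: The IE start position of 5 passed for MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE appears too small: a probe response body carries three fixed fields before the IEs, Timestamp (8 octets), Beacon Interval (2) and Capability (2), so the elements begin 12 bytes in. The 5 matches the size of the new struct mpdu_probe_response, whose timestamp is declared as a single uint8_t, so the validator would presumably treat the remaining seven fixed-field bytes as element id/length pairs and run its bounds checks against misparsed lengths. Assuming the last argument is the fixed-field length (probe request passes 0, which fits), change the call to `offset, 12);`, or better `offset, offsetof(struct mpdu_probe_response, ies));` once the struct carries the correct timestamp width so the two cannot drift apart. validate_mgmt_mpdu begins and ends outside this hunk.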
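Review bot: `uint8_t timestamp;` in the new struct mpdu_probe_response has the wrong width: the Timestamp field of a probe response (802.11 8.4.1.10, as used by the 8.3.3.10 frame the comment cites) is an 8-octet TSF value, so the member should be `__le64 timestamp;`, in the same style as the `__le16 beacon_interval` below it. With one byte declared, beacon_interval, capability and ies[] all overlay the wrong bytes of a received frame, so any code reading the capability or walking the IEs through this struct would be decoding timestamp bytes. The trailing `ies[0]` matches the neighbouring mpdu_probe_request definition, so that part is consistent with the file.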
@@ -216,6 +225,7 @@ struct mpdu {
 	struct mpdu_reassociation_request reassoc_req;
 	struct mpdu_reassociation_response reassoc_resp;
 	struct mpdu_probe_request probe_req;
+	struct mpdu_probe_response probe_resp;
 	struct mpdu_disassociation disassoc;
 	struct mpdu_authentication auth;
 	struct mpdu_deauthentication deauth;