mpdu: Validate probe response mpdu subtype

We do not currently validate the IEs that are following until the end of the frame
2024-11-14 16:09:24 +01:00 · 2015-01-21 13:36:46 +02:00 · 2015-01-21 13:36:46 +02:00 · 8078f18c35
commit 8078f18c35
parent cc1cc64843
2 changed files with 13 additions and 0 deletions
--- a/src/mpdu.c
+++ b/src/mpdu.c
@ -130,6 +130,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
 	case MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST:
 		return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
 								offset, 0);
 	case MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE:
 		return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
 								offset, 5);
 	case MPDU_MANAGEMENT_SUBTYPE_ATIM:
 		return validate_atim_mgmt_mpdu(mpdu, len, offset);
 	case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
--- a/src/mpdu.h
+++ b/src/mpdu.h
@ -37,6 +37,7 @@ enum mpdu_management_subtype {
 	MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST  = 0x2,
 	MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE = 0x3,
 	MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST          = 0x4,
 	MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE         = 0x5,
 	MPDU_MANAGEMENT_SUBTYPE_ATIM                   = 0x9,
 	MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION         = 0xA,
 	MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION         = 0xB,
@ -185,6 +186,14 @@ struct mpdu_probe_request {
 	uint8_t ies[0];
 } __attribute__ ((packed));
 /* 802.11, Section 8.3.3.10 */
 struct mpdu_probe_response {
 	uint8_t timestamp;
 	__le16 beacon_interval;
 	struct mpdu_field_capability capability;
 	uint8_t ies[0];
 } __attribute__ ((packed));
 /* 802.11, Section 8.3.3.11 */
 struct mpdu_authentication {
 	__le16 algorithm;
@ -216,6 +225,7 @@ struct mpdu {
 		struct mpdu_reassociation_request reassoc_req;
 		struct mpdu_reassociation_response reassoc_resp;
 		struct mpdu_probe_request probe_req;
 		struct mpdu_probe_response probe_resp;
 		struct mpdu_disassociation disassoc;
 		struct mpdu_authentication auth;
 		struct mpdu_deauthentication deauth;