From 8353ac445dc01c7caa6cc32df451bac4d53a51ab Mon Sep 17 00:00:00 2001
From: Tomasz Bursztyka
Date: Wed, 21 Jan 2015 13:36:42 +0200
Subject: [PATCH] mpdu: Validate association response mpdu subtype

We do not currently validate the IEs that are following until the end of the frame.
---
 src/mpdu.c | 3 +++
 src/mpdu.h | 20 +++++++++++++++-----
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/mpdu.c b/src/mpdu.c
index 19290d83..888fbff0 100644
--- a/src/mpdu.c
+++ b/src/mpdu.c
@@ -118,6 +118,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
 case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST:
 return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
 offset, 9);
+ case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE:
+ return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
+ offset, 9);
 case MPDU_MANAGEMENT_SUBTYPE_ATIM:
 return validate_atim_mgmt_mpdu(mpdu, len, offset);
 case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
diff --git a/src/mpdu.h b/src/mpdu.h
index 2180a3a8..a914e70f 100644
--- a/src/mpdu.h
+++ b/src/mpdu.h
@@ -32,11 +32,12 @@ enum mpdu_type {

 /* 802.11, Table 8-1 "Valid type and subtype combinations" */
 enum mpdu_management_subtype {
- MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST = 0x0,
- MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
- MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
- MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
- MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION = 0xC,
+ MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST = 0x0,
+ MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE = 0x1,
+ MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
+ MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
+ MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
+ MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION = 0xC,
 };

 /* 802.11, Section 8.4.1.1 Authentication Algorithm Number field */
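Review bot: In the src/mpdu.c hunk, the new ASSOCIATION_RESPONSE case passes the same literal `9` as the ASSOCIATION_REQUEST case above it, although the response's fixed part, as declared in `struct mpdu_association_response` in this same patch, has three fields (capability, status_code, aid) before `ies`. The helper is not visible here, so whether `9` is correct for both subtypes depends on what its fourth argument means. If it is the distance to the first IE, it should probably be derived from the struct, e.g. `offsetof(struct mpdu_association_response, ies)`, rather than copied, so that a truncated frame cannot pass validation and then have `status_code` or `aid` read beyond its end. At minimum the case deserves a comment such as `/* fixed fields: capability, status code, AID; IEs are not validated yet */`. validate_mgmt_mpdu's body starts and ends outside the hunk.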
@@ -146,6 +147,14 @@ struct mpdu_association_request {
 uint8_t ies[0];
 } __attribute__ ((packed));

+/* 802.11, Section 8.3.3.6 */
+struct mpdu_association_response {
+ struct mpdu_field_capability capability;
+ __le16 status_code;
+ __le16 aid;
+ uint8_t ies[0];
+} __attribute__ ((packed));
+
 /* 802.11, Section 8.3.3.4 */
 struct mpdu_disassociation {
 __le16 reason_code;
@@ -179,6 +188,7 @@ struct mpdu {
 struct mpdu_mgmt_header mgmt_hdr;
 union {
 struct mpdu_association_request assoc_req;
+ struct mpdu_association_response assoc_resp;
 struct mpdu_disassociation disassoc;
 struct mpdu_authentication auth;
 struct mpdu_deauthentication deauth;
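Review bot: `struct mpdu_association_response` in src/mpdu.h gives readers no hint about byte order or about how far `ies` extends, which matters because the commit message says the IEs are not validated. I would document the fields, for example `/* status_code and aid are little-endian on the wire; convert before use */` above the members and `/* runs to the end of the frame; contents are not validated */` beside `ies[0]`. Per 802.11 the AID field is transmitted with its two most significant bits set, so a short note that consumers must mask them before using the value as an association ID would also help.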