mpdu: Validate timing advertisement mpdu subtype

We do not currently validate the IEs that are following until the end of the frame
2024-11-14 16:09:24 +01:00 · 2015-01-21 13:36:47 +02:00 · 2015-01-21 13:36:47 +02:00 · 9ce1745ede
commit 9ce1745ede
parent 8078f18c35
2 changed files with 12 additions and 0 deletions
--- a/src/mpdu.c
+++ b/src/mpdu.c
@ -133,6 +133,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
 	case MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE:
 		return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
 								offset, 5);
+	case MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT:
+		return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
+								offset, 3);
 	case MPDU_MANAGEMENT_SUBTYPE_ATIM:
 		return validate_atim_mgmt_mpdu(mpdu, len, offset);
 	case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
--- a/src/mpdu.h
+++ b/src/mpdu.h
@ -38,6 +38,7 @@ enum mpdu_management_subtype {
 	MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE = 0x3,
 	MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST          = 0x4,
 	MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE         = 0x5,
+	MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT   = 0x6,
 	MPDU_MANAGEMENT_SUBTYPE_ATIM                   = 0x9,
 	MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION         = 0xA,
 	MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION         = 0xB,
@ -194,6 +195,13 @@ struct mpdu_probe_response {
 	uint8_t ies[0];
 } __attribute__ ((packed));

+/* 802.11, Section 8.3.3.15 */
+struct mpdu_timing_advertisement {
+	uint8_t timestamp;
+	struct mpdu_field_capability capability;
+	uint8_t ies[0];
+} __attribute__ ((packed));
+
 /* 802.11, Section 8.3.3.11 */
 struct mpdu_authentication {
 	__le16 algorithm;
@ -226,6 +234,7 @@ struct mpdu {
 		struct mpdu_reassociation_response reassoc_resp;
 		struct mpdu_probe_request probe_req;
 		struct mpdu_probe_response probe_resp;
+		struct mpdu_timing_advertisement time_advert;
 		struct mpdu_disassociation disassoc;
 		struct mpdu_authentication auth;
 		struct mpdu_deauthentication deauth;