3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-10 01:02:39 +01:00

mpdu: Validate timing advertisement mpdu subtype

We do not currently validate the IEs that are following until the end
of the frame
This commit is contained in:
Tomasz Bursztyka 2015-01-21 13:36:47 +02:00 committed by Denis Kenzior
parent 8078f18c35
commit 9ce1745ede
2 changed files with 12 additions and 0 deletions

View File

@ -133,6 +133,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
case MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE: case MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE:
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len, return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
offset, 5); offset, 5);
case MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT:
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
offset, 3);
case MPDU_MANAGEMENT_SUBTYPE_ATIM: case MPDU_MANAGEMENT_SUBTYPE_ATIM:
return validate_atim_mgmt_mpdu(mpdu, len, offset); return validate_atim_mgmt_mpdu(mpdu, len, offset);
case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION: case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:

View File

@ -38,6 +38,7 @@ enum mpdu_management_subtype {
MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE = 0x3, MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE = 0x3,
MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST = 0x4, MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST = 0x4,
MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE = 0x5, MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE = 0x5,
MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT = 0x6,
MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9, MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA, MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB, MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
@ -194,6 +195,13 @@ struct mpdu_probe_response {
uint8_t ies[0]; uint8_t ies[0];
} __attribute__ ((packed)); } __attribute__ ((packed));
/* 802.11, Section 8.3.3.15 */
struct mpdu_timing_advertisement {
uint8_t timestamp;
struct mpdu_field_capability capability;
uint8_t ies[0];
} __attribute__ ((packed));
/* 802.11, Section 8.3.3.11 */ /* 802.11, Section 8.3.3.11 */
struct mpdu_authentication { struct mpdu_authentication {
__le16 algorithm; __le16 algorithm;
@ -226,6 +234,7 @@ struct mpdu {
struct mpdu_reassociation_response reassoc_resp; struct mpdu_reassociation_response reassoc_resp;
struct mpdu_probe_request probe_req; struct mpdu_probe_request probe_req;
struct mpdu_probe_response probe_resp; struct mpdu_probe_response probe_resp;
struct mpdu_timing_advertisement time_advert;
struct mpdu_disassociation disassoc; struct mpdu_disassociation disassoc;
struct mpdu_authentication auth; struct mpdu_authentication auth;
struct mpdu_deauthentication deauth; struct mpdu_deauthentication deauth;