From e106033fce2b192a9f2a7b9975a0987255a5c361 Mon Sep 17 00:00:00 2001
From: Tomasz Bursztyka
Date: Wed, 21 Jan 2015 13:36:39 +0200
Subject: [PATCH] mpdu: Validate ATIM mpdu subtype

ATIM management frames have an empty body.
---
 src/mpdu.c | 8 ++++++++
 src/mpdu.h | 1 +
 2 files changed, 9 insertions(+)

diff --git a/src/mpdu.c b/src/mpdu.c
index 06c17a1c..bab12685 100644
--- a/src/mpdu.c
+++ b/src/mpdu.c
@@ -48,6 +48,12 @@ static bool validate_mgmt_header(const struct mpdu *mpdu, int len, int *offset)
 return true;
 }
 
+static bool validate_atim_mgmt_mpdu(const struct mpdu *mpdu,
+ int len, int *offset)
+{
+ return *offset == len;
+}
+
 static bool validate_authentication_mgmt_mpdu(const struct mpdu *mpdu,
 int len, int *offset)
 {
@@ -95,6 +101,8 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
 return false;

 switch (mpdu->fc.subtype) {
+ case MPDU_MANAGEMENT_SUBTYPE_ATIM:
+ return validate_atim_mgmt_mpdu(mpdu, len, offset);
 case MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION:
 return validate_authentication_mgmt_mpdu(mpdu, len, offset);
 case MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION:
diff --git a/src/mpdu.h b/src/mpdu.h
index a4dfe2c7..bd03dc1d 100644
--- a/src/mpdu.h
+++ b/src/mpdu.h
@@ -32,6 +32,7 @@ enum mpdu_type {

 /* 802.11, Table 8-1 "Valid type and subtype combinations" */
 enum mpdu_management_subtype {
+ MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
 MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
 MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION = 0xC,
 };
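Review bot: `validate_atim_mgmt_mpdu` in the first src/mpdu.c hunk has no comment for the precondition its single comparison rests on: `return *offset == len;` only means "no frame body" if `*offset` already sits just past the management header, which is presumably set by `validate_mgmt_header` in the caller, outside this hunk. Because these frames arrive over the air, I would state that contract above the function, e.g. `/* ATIM has an empty body: nothing may follow the management header; *offset must already point past it. */`. The strict `==` also rejects any frame with trailing bytes, so it is worth confirming that `len` is passed without the FCS. The `mpdu` parameter is unused in this function, seemingly kept for parity with the other validators, and may warn if unused-parameter warnings are enabled.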