mpdu: Validate reassociation request mpdu subtype

We do not currently validate the IEs that are following until the end of the frame.
2025-10-31 04:57:25 +01:00 · 2015-01-21 13:36:43 +02:00 · 2015-01-21 13:36:43 +02:00 · efcaefc5dd
commit efcaefc5dd
parent 8353ac445d
2 changed files with 19 additions and 6 deletions
--- a/src/mpdu.c
+++ b/src/mpdu.c
@ -121,6 +121,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
 	case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE:
 		return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
 								offset, 9);
+	case MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST:
+		return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
+								offset, 15);
 	case MPDU_MANAGEMENT_SUBTYPE_ATIM:
 		return validate_atim_mgmt_mpdu(mpdu, len, offset);
 	case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
--- a/src/mpdu.h
+++ b/src/mpdu.h
@ -32,12 +32,13 @@ enum mpdu_type {

 /* 802.11, Table 8-1 "Valid type and subtype combinations" */
 enum mpdu_management_subtype {
-	MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST  = 0x0,
-	MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE = 0x1,
-	MPDU_MANAGEMENT_SUBTYPE_ATIM                 = 0x9,
-	MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION       = 0xA,
-	MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION       = 0xB,
-	MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION     = 0xC,
+	MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST   = 0x0,
+	MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE  = 0x1,
+	MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST = 0x2,
+	MPDU_MANAGEMENT_SUBTYPE_ATIM                  = 0x9,
+	MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION        = 0xA,
+	MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION        = 0xB,
+	MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION      = 0xC,
 };

 /* 802.11, Section 8.4.1.1 Authentication Algorithm Number field */
@ -155,6 +156,14 @@ struct mpdu_association_response {
 	uint8_t ies[0];
 } __attribute__ ((packed));

+/* 802.11, Section 8.3.3.7 */
+struct mpdu_reassociation_request {
+	struct mpdu_field_capability capability;
+	__le16 listen_interval;
+	unsigned char current_ap_address[6];
+	uint8_t ies[0];
+} __attribute__ ((packed));
+
 /* 802.11, Section 8.3.3.4 */
 struct mpdu_disassociation {
 	__le16 reason_code;
@ -189,6 +198,7 @@ struct mpdu {
 	union {
 		struct mpdu_association_request assoc_req;
 		struct mpdu_association_response assoc_resp;
+		struct mpdu_reassociation_request reassoc_req;
 		struct mpdu_disassociation disassoc;
 		struct mpdu_authentication auth;
 		struct mpdu_deauthentication deauth;