From efcaefc5dd8bdee517f47522f3dbb47b5acb1edf Mon Sep 17 00:00:00 2001
From: Tomasz Bursztyka
Date: Wed, 21 Jan 2015 13:36:43 +0200
Subject: [PATCH] mpdu: Validate reassociation request mpdu subtype
We do not currently validate the IEs that are following until the end of the frame.
---
 src/mpdu.c | 3 +++
 src/mpdu.h | 22 ++++++++++++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/mpdu.c b/src/mpdu.c
index 888fbff0..62928939 100644
--- a/src/mpdu.c
+++ b/src/mpdu.c
@@ -121,6 +121,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
 case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE:
 return validate_on_ies_start_position_mgmt_mpdu(mpdu, len, offset, 9);
+ case MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST:
+ return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
+ offset, 15);
 case MPDU_MANAGEMENT_SUBTYPE_ATIM:
 return validate_atim_mgmt_mpdu(mpdu, len, offset);
 case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
diff --git a/src/mpdu.h b/src/mpdu.h
index a914e70f..3f2ea8d8 100644
--- a/src/mpdu.h
+++ b/src/mpdu.h
@@ -32,12 +32,13 @@ enum mpdu_type {
 /* 802.11, Table 8-1 "Valid type and subtype combinations" */
 enum mpdu_management_subtype {
- MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST = 0x0,
- MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE = 0x1,
- MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
- MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
- MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
- MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION = 0xC,
+ MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST = 0x0,
+ MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE = 0x1,
+ MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST = 0x2,
+ MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
+ MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
+ MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
+ MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION = 0xC,
 };
 /* 802.11, Section 8.4.1.1 Authentication Algorithm Number field */
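Review bot: The literal `15` passed in the new `MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST` case of src/mpdu.c has no visible derivation. The fixed fields of `struct mpdu_reassociation_request` added in src/mpdu.h come to 10 bytes if `struct mpdu_field_capability` is the 2-byte capability field, so the other 5 presumably stand for a minimum set of IEs, but that is a guess from here. Because this bound appears to be what guards a frame received over the air before its `reassoc_req` view is used, I would record the arithmetic next to it, e.g. `/* 10 bytes of fixed fields + 5 bytes minimum IEs (confirm) */`, or build the fixed part from `sizeof(struct mpdu_reassociation_request)`. The existing `9` for the association response has the same problem, and the switch in validate_mgmt_mpdu continues outside the hunk.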
@@ -155,6 +156,14 @@ struct mpdu_association_response {
 uint8_t ies[0];
 } __attribute__ ((packed));
+/* 802.11, Section 8.3.3.7 */
+struct mpdu_reassociation_request {
+ struct mpdu_field_capability capability;
+ __le16 listen_interval;
+ unsigned char current_ap_address[6];
+ uint8_t ies[0];
+} __attribute__ ((packed));
+
 /* 802.11, Section 8.3.3.4 */
 struct mpdu_disassociation {
 __le16 reason_code;
@@ -189,6 +198,7 @@ struct mpdu {
 union {
 struct mpdu_association_request assoc_req;
 struct mpdu_association_response assoc_resp;
+ struct mpdu_reassociation_request reassoc_req;
 struct mpdu_disassociation disassoc;
 struct mpdu_authentication auth;
 struct mpdu_deauthentication deauth;
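Review bot: The new `ies[0]` member of `struct mpdu_reassociation_request` carries no comment about its bounds, although the commit message says the IEs that follow the fixed fields are not validated yet. A reader of the header alone cannot tell that, so I would add `/* ies: not validated here; bounded only by the received frame length */` above the member, so that callers check each element's length octet against the end of the frame before reading it. Separately, `current_ap_address[6]` is `unsigned char` while `ies` is `uint8_t`; one spelling for raw octets in the same struct would read better.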