3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-20 02:32:36 +01:00

mpdu: Validate reassociation request mpdu subtype

We do not currently validate the IEs that are following until the end
of the frame.
This commit is contained in:
Tomasz Bursztyka 2015-01-21 13:36:43 +02:00 committed by Denis Kenzior
parent 8353ac445d
commit efcaefc5dd
2 changed files with 19 additions and 6 deletions

View File

@ -121,6 +121,9 @@ static bool validate_mgmt_mpdu(const struct mpdu *mpdu, int len, int *offset)
case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE:
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
offset, 9);
case MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST:
return validate_on_ies_start_position_mgmt_mpdu(mpdu, len,
offset, 15);
case MPDU_MANAGEMENT_SUBTYPE_ATIM:
return validate_atim_mgmt_mpdu(mpdu, len, offset);
case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:

View File

@ -34,6 +34,7 @@ enum mpdu_type {
enum mpdu_management_subtype {
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST = 0x0,
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE = 0x1,
MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST = 0x2,
MPDU_MANAGEMENT_SUBTYPE_ATIM = 0x9,
MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION = 0xA,
MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION = 0xB,
@ -155,6 +156,14 @@ struct mpdu_association_response {
uint8_t ies[0];
} __attribute__ ((packed));
/* 802.11, Section 8.3.3.7 */
struct mpdu_reassociation_request {
struct mpdu_field_capability capability;
__le16 listen_interval;
unsigned char current_ap_address[6];
uint8_t ies[0];
} __attribute__ ((packed));
/* 802.11, Section 8.3.3.4 */
struct mpdu_disassociation {
__le16 reason_code;
@ -189,6 +198,7 @@ struct mpdu {
union {
struct mpdu_association_request assoc_req;
struct mpdu_association_response assoc_resp;
struct mpdu_reassociation_request reassoc_req;
struct mpdu_disassociation disassoc;
struct mpdu_authentication auth;
struct mpdu_deauthentication deauth;