3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-23 07:29:28 +01:00
iwd/src/mpdu.c
Denis Kenzior 023ba1ea32 mpdu: Fix error
src/mpdu.c: In function ‘mpdu_validate’:
src/mpdu.c:180:9: error: ‘mmpdu’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
   mmpdu = (const struct mmpdu_header *) mmpdu;
         ^
2017-08-31 18:23:47 -05:00

200 lines
4.9 KiB
C

/*
*
* Wireless daemon for Linux
*
* Copyright (C) 2014 Intel Corporation. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <ell/ell.h>
#include "ie.h"
#include "mpdu.h"
static bool validate_mgmt_header(const struct mmpdu_header *mpdu,
int len, int *offset)
{
/* Duration + Address1 + Address 2 + Address 3 + SeqCntrl */
if (len < *offset + 22)
return false;
*offset += 22;
if (!mpdu->fc.order)
return true;
if (len < *offset + 4)
return false;
*offset += 4;
return true;
}
static bool validate_on_ies_start_position_mmpdu(
const struct mmpdu_header *mpdu,
int len, int *offset, int position)
{
return *offset + position < len;
}
static bool validate_atim_mmpdu(const struct mmpdu_header *mpdu,
int len, int *offset)
{
return *offset == len;
}
static bool validate_disassociation_mmpdu(const struct mmpdu_header *mpdu,
int len, int *offset)
{
*offset += 2;
return *offset <= len;
}
static bool validate_authentication_mmpdu(const struct mmpdu_header *mpdu,
int len, int *offset)
{
uint16_t transaction_sequence;
const struct mmpdu_authentication *body = (const void *) mpdu + *offset;
if (len < *offset + 6)
return false;
*offset += 6;
switch (L_LE16_TO_CPU(body->algorithm)) {
case MMPDU_AUTH_ALGO_OPEN_SYSTEM:
return *offset <= len;
case MMPDU_AUTH_ALGO_SHARED_KEY:
transaction_sequence =
L_LE16_TO_CPU(body->transaction_sequence);
if (transaction_sequence < 2 || transaction_sequence > 3)
return *offset == len;
if (len < *offset + 2)
return false;
*offset += 2;
if (body->shared_key_23.element_id != IE_TYPE_CHALLENGE_TEXT)
return false;
*offset += body->shared_key_23.challenge_text_len;
return *offset <= len;
default:
return false;
}
return false;
}
static bool validate_deauthentication_mmpdu(const struct mmpdu_header *mpdu,
int len, int *offset)
{
*offset += 2;
return *offset <= len;
}
static bool validate_mgmt_mpdu(const struct mmpdu_header *mpdu, int len,
int *offset)
{
if (!validate_mgmt_header(mpdu, len, offset))
return false;
switch (mpdu->fc.subtype) {
case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST:
return validate_on_ies_start_position_mmpdu(mpdu, len,
offset, 9);
case MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE:
return validate_on_ies_start_position_mmpdu(mpdu, len,
offset, 9);
case MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST:
return validate_on_ies_start_position_mmpdu(mpdu, len,
offset, 15);
case MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE:
return validate_on_ies_start_position_mmpdu(mpdu, len,
offset, 9);
case MPDU_MANAGEMENT_SUBTYPE_PROBE_REQUEST:
return validate_on_ies_start_position_mmpdu(mpdu, len,
offset, 0);
case MPDU_MANAGEMENT_SUBTYPE_PROBE_RESPONSE:
return validate_on_ies_start_position_mmpdu(mpdu, len,
offset, 5);
case MPDU_MANAGEMENT_SUBTYPE_TIMING_ADVERTISEMENT:
return validate_on_ies_start_position_mmpdu(mpdu, len,
offset, 3);
case MPDU_MANAGEMENT_SUBTYPE_BEACON:
return validate_on_ies_start_position_mmpdu(mpdu, len,
offset, 5);
case MPDU_MANAGEMENT_SUBTYPE_ATIM:
return validate_atim_mmpdu(mpdu, len, offset);
case MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION:
return validate_disassociation_mmpdu(mpdu, len, offset);
case MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION:
return validate_authentication_mmpdu(mpdu, len, offset);
case MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION:
return validate_deauthentication_mmpdu(mpdu, len, offset);
default:
return false;
}
return true;
}
const struct mmpdu_header *mpdu_validate(const uint8_t *frame, int len)
{
const struct mpdu_fc *fc;
const struct mmpdu_header *mmpdu;
int offset;
if (!frame)
return NULL;
if (len < 2)
return NULL;
offset = 2;
fc = (const struct mpdu_fc *) frame;
switch (fc->type) {
case MPDU_TYPE_MANAGEMENT:
mmpdu = (const struct mmpdu_header *) frame;
if (validate_mgmt_mpdu(mmpdu, len, &offset))
return mmpdu;
return NULL;
default:
return NULL;
}
}
static size_t mmpdu_header_len(const struct mmpdu_header *mmpdu)
{
return mmpdu->fc.order == 0 ? 24 : 28;
}
const void *mmpdu_body(const struct mmpdu_header *mmpdu)
{
return ((const uint8_t *) mmpdu + mmpdu_header_len(mmpdu));
}