mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 18:58:21 -05:00
89 lines
2.2 KiB
C
89 lines
2.2 KiB
C
|
/*
|
||
|
* FILS HLP request processing
|
||
|
* Copyright (c) 2017, Qualcomm Atheros, Inc.
|
||
|
*
|
||
|
* This software may be distributed under the terms of the BSD license.
|
||
|
* See README for more details.
|
||
|
*/
|
||
|
|
||
|
#include "utils/includes.h"
|
||
|
|
||
|
#include "utils/common.h"
|
||
|
#include "sta_info.h"
|
||
|
#include "fils_hlp.h"
|
||
|
|
||
|
|
||
|
static void fils_process_hlp_req(struct hostapd_data *hapd,
|
||
|
struct sta_info *sta,
|
||
|
const u8 *pos, size_t len)
|
||
|
{
|
||
|
const u8 *pkt, *end;
|
||
|
|
||
|
wpa_printf(MSG_DEBUG, "FILS: HLP request from " MACSTR " (dst=" MACSTR
|
||
|
" src=" MACSTR " len=%u)",
|
||
|
MAC2STR(sta->addr), MAC2STR(pos), MAC2STR(pos + ETH_ALEN),
|
||
|
(unsigned int) len);
|
||
|
if (os_memcmp(sta->addr, pos + ETH_ALEN, ETH_ALEN) != 0) {
|
||
|
wpa_printf(MSG_DEBUG,
|
||
|
"FILS: Ignore HLP request with unexpected source address"
|
||
|
MACSTR, MAC2STR(pos + ETH_ALEN));
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
end = pos + len;
|
||
|
pkt = pos + 2 * ETH_ALEN;
|
||
|
if (end - pkt >= 6 &&
|
||
|
os_memcmp(pkt, "\xaa\xaa\x03\x00\x00\x00", 6) == 0)
|
||
|
pkt += 6; /* Remove SNAP/LLC header */
|
||
|
wpa_hexdump(MSG_MSGDUMP, "FILS: HLP request packet", pkt, end - pkt);
|
||
|
}
|
||
|
|
||
|
|
||
|
void fils_process_hlp(struct hostapd_data *hapd, struct sta_info *sta,
|
||
|
const u8 *pos, int left)
|
||
|
{
|
||
|
const u8 *end = pos + left;
|
||
|
u8 *tmp, *tmp_pos;
|
||
|
|
||
|
/* Check if there are any FILS HLP Container elements */
|
||
|
while (end - pos >= 2) {
|
||
|
if (2 + pos[1] > end - pos)
|
||
|
return;
|
||
|
if (pos[0] == WLAN_EID_EXTENSION &&
|
||
|
pos[1] >= 1 + 2 * ETH_ALEN &&
|
||
|
pos[2] == WLAN_EID_EXT_FILS_HLP_CONTAINER)
|
||
|
break;
|
||
|
pos += 2 + pos[1];
|
||
|
}
|
||
|
if (end - pos < 2)
|
||
|
return; /* No FILS HLP Container elements */
|
||
|
|
||
|
tmp = os_malloc(end - pos);
|
||
|
if (!tmp)
|
||
|
return;
|
||
|
|
||
|
while (end - pos >= 2) {
|
||
|
if (2 + pos[1] > end - pos ||
|
||
|
pos[0] != WLAN_EID_EXTENSION ||
|
||
|
pos[1] < 1 + 2 * ETH_ALEN ||
|
||
|
pos[2] != WLAN_EID_EXT_FILS_HLP_CONTAINER)
|
||
|
break;
|
||
|
tmp_pos = tmp;
|
||
|
os_memcpy(tmp_pos, pos + 3, pos[1] - 1);
|
||
|
tmp_pos += pos[1] - 1;
|
||
|
pos += 2 + pos[1];
|
||
|
|
||
|
/* Add possible fragments */
|
||
|
while (end - pos >= 2 && pos[0] == WLAN_EID_FRAGMENT &&
|
||
|
2 + pos[1] <= end - pos) {
|
||
|
os_memcpy(tmp_pos, pos + 2, pos[1]);
|
||
|
tmp_pos += pos[1];
|
||
|
pos += 2 + pos[1];
|
||
|
}
|
||
|
|
||
|
fils_process_hlp_req(hapd, sta, tmp, tmp_pos - tmp);
|
||
|
}
|
||
|
|
||
|
os_free(tmp);
|
||
|
}
|