Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 00:38:24 -05:00
Code Issues Projects Releases Wiki Activity

MSCS: Fix decapsulating subelements from MSCS descriptor

Browse Source 
Fix pointer sent for decapsulating subelements from MSCS descriptor
IE while processing (re)association response frames.

Fixes: af8ab3208d ("MSCS: Parse result of MSCS setup in (Re)Association Response frames")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Vamsi Krishna 2020-10-13 21:21:13 +05:30 committed by Jouni Malinen
parent cc3d6efa8b
commit 0f7989d8af
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
wpa_supplicant/robust_av.c
View File

@ -142,10 +142,13 @@ void wpas_handle_assoc_resp_mscs(struct wpa_supplicant *wpa_s, const u8 *bssid,
return;
mscs_desc_ie = get_ie_ext(ies, ies_len, WLAN_EID_EXT_MSCS_DESCRIPTOR);
if (!mscs_desc_ie || mscs_desc_ie[1] < 1)
if (!mscs_desc_ie || mscs_desc_ie[1] <= 8)
return;
mscs_status = get_ie(mscs_desc_ie, mscs_desc_ie[1],
/* Subelements start after (ie_id(1) + ie_len(1) + ext_id(1) +
* request type(1) + upc(2) + stream timeout(4) =) 10.
*/
mscs_status = get_ie(&mscs_desc_ie[10], mscs_desc_ie[1] - 8,
MCSC_SUBELEM_STATUS);
if (!mscs_status || mscs_status[1] < 2)
return;