mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
Avoid misaligned IPv4 header accesses in DATA_TEST_* commands
The IPv4 header after the Ethernet header is not 32-bit aligned and the previous version ended up accessing 32-bit members at misaligned addresses. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
476a634d60
commit
75352270fa
@ -1528,7 +1528,7 @@ void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf,
|
|||||||
{
|
{
|
||||||
struct hostapd_data *hapd = ctx;
|
struct hostapd_data *hapd = ctx;
|
||||||
const struct ether_header *eth;
|
const struct ether_header *eth;
|
||||||
const struct iphdr *ip;
|
struct iphdr ip;
|
||||||
const u8 *pos;
|
const u8 *pos;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
@ -1536,14 +1536,14 @@ void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf,
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
eth = (const struct ether_header *) buf;
|
eth = (const struct ether_header *) buf;
|
||||||
ip = (const struct iphdr *) (eth + 1);
|
os_memcpy(&ip, eth + 1, sizeof(ip));
|
||||||
pos = (const u8 *) (ip + 1);
|
pos = &buf[sizeof(*eth) + sizeof(ip)];
|
||||||
|
|
||||||
if (ip->ihl != 5 || ip->version != 4 ||
|
if (ip.ihl != 5 || ip.version != 4 ||
|
||||||
ntohs(ip->tot_len) != HWSIM_IP_LEN)
|
ntohs(ip.tot_len) != HWSIM_IP_LEN)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) {
|
for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) {
|
||||||
if (*pos != (u8) i)
|
if (*pos != (u8) i)
|
||||||
return;
|
return;
|
||||||
pos++;
|
pos++;
|
||||||
@ -1599,7 +1599,7 @@ static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
|
|||||||
int used;
|
int used;
|
||||||
long int val;
|
long int val;
|
||||||
u8 tos;
|
u8 tos;
|
||||||
u8 buf[HWSIM_PACKETLEN];
|
u8 buf[2 + HWSIM_PACKETLEN];
|
||||||
struct ether_header *eth;
|
struct ether_header *eth;
|
||||||
struct iphdr *ip;
|
struct iphdr *ip;
|
||||||
u8 *dpos;
|
u8 *dpos;
|
||||||
@ -1627,7 +1627,7 @@ static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
|
|||||||
return -1;
|
return -1;
|
||||||
tos = val;
|
tos = val;
|
||||||
|
|
||||||
eth = (struct ether_header *) buf;
|
eth = (struct ether_header *) &buf[2];
|
||||||
os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
|
os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
|
||||||
os_memcpy(eth->ether_shost, src, ETH_ALEN);
|
os_memcpy(eth->ether_shost, src, ETH_ALEN);
|
||||||
eth->ether_type = htons(ETHERTYPE_IP);
|
eth->ether_type = htons(ETHERTYPE_IP);
|
||||||
@ -1646,7 +1646,7 @@ static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
|
|||||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
|
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
|
||||||
*dpos++ = i;
|
*dpos++ = i;
|
||||||
|
|
||||||
if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, buf,
|
if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, &buf[2],
|
||||||
HWSIM_PACKETLEN) < 0)
|
HWSIM_PACKETLEN) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
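Review bot: In hostapd_ctrl_iface_data_test_tx() the two-octet pad aligns the IPv4 header only if `buf` itself starts on a 32-bit boundary, which C does not guarantee for a `u8` array on the stack. `ip` stays a `struct iphdr *` into that buffer (its assignment is outside the visible hunks), so the header writes can still be misaligned and may trap on strict-alignment targets. Mirroring the RX fix removes the assumption: fill a local `struct iphdr ip;` and finish with `os_memcpy(eth + 1, &ip, sizeof(ip));`, at which point the `2 +` pad and `&buf[2]` are no longer needed. If the pad is kept, it deserves a comment such as `/* 2-octet pad: 14-octet Ethernet header + 2 puts the IPv4 header on a 32-bit boundary */`. wpas_ctrl_iface_data_test_tx() has the same pattern.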
@ -7364,7 +7364,7 @@ void wpas_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
|
|||||||
{
|
{
|
||||||
struct wpa_supplicant *wpa_s = ctx;
|
struct wpa_supplicant *wpa_s = ctx;
|
||||||
const struct ether_header *eth;
|
const struct ether_header *eth;
|
||||||
const struct iphdr *ip;
|
struct iphdr ip;
|
||||||
const u8 *pos;
|
const u8 *pos;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
@ -7372,14 +7372,14 @@ void wpas_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
eth = (const struct ether_header *) buf;
|
eth = (const struct ether_header *) buf;
|
||||||
ip = (const struct iphdr *) (eth + 1);
|
os_memcpy(&ip, eth + 1, sizeof(ip));
|
||||||
pos = (const u8 *) (ip + 1);
|
pos = &buf[sizeof(*eth) + sizeof(ip)];
|
||||||
|
|
||||||
if (ip->ihl != 5 || ip->version != 4 ||
|
if (ip.ihl != 5 || ip.version != 4 ||
|
||||||
ntohs(ip->tot_len) != HWSIM_IP_LEN)
|
ntohs(ip.tot_len) != HWSIM_IP_LEN)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) {
|
for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) {
|
||||||
if (*pos != (u8) i)
|
if (*pos != (u8) i)
|
||||||
return;
|
return;
|
||||||
pos++;
|
pos++;
|
||||||
@ -7426,7 +7426,7 @@ static int wpas_ctrl_iface_data_test_tx(struct wpa_supplicant *wpa_s, char *cmd)
|
|||||||
int used;
|
int used;
|
||||||
long int val;
|
long int val;
|
||||||
u8 tos;
|
u8 tos;
|
||||||
u8 buf[HWSIM_PACKETLEN];
|
u8 buf[2 + HWSIM_PACKETLEN];
|
||||||
struct ether_header *eth;
|
struct ether_header *eth;
|
||||||
struct iphdr *ip;
|
struct iphdr *ip;
|
||||||
u8 *dpos;
|
u8 *dpos;
|
||||||
@ -7454,7 +7454,7 @@ static int wpas_ctrl_iface_data_test_tx(struct wpa_supplicant *wpa_s, char *cmd)
|
|||||||
return -1;
|
return -1;
|
||||||
tos = val;
|
tos = val;
|
||||||
|
|
||||||
eth = (struct ether_header *) buf;
|
eth = (struct ether_header *) &buf[2];
|
||||||
os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
|
os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
|
||||||
os_memcpy(eth->ether_shost, src, ETH_ALEN);
|
os_memcpy(eth->ether_shost, src, ETH_ALEN);
|
||||||
eth->ether_type = htons(ETHERTYPE_IP);
|
eth->ether_type = htons(ETHERTYPE_IP);
|
||||||
@ -7473,7 +7473,7 @@ static int wpas_ctrl_iface_data_test_tx(struct wpa_supplicant *wpa_s, char *cmd)
|
|||||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
|
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
|
||||||
*dpos++ = i;
|
*dpos++ = i;
|
||||||
|
|
||||||
if (l2_packet_send(wpa_s->l2_test, dst, ETHERTYPE_IP, buf,
|
if (l2_packet_send(wpa_s->l2_test, dst, ETHERTYPE_IP, &buf[2],
|
||||||
HWSIM_PACKETLEN) < 0)
|
HWSIM_PACKETLEN) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
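Review bot: wpas_data_test_rx() now copies `sizeof(ip)` octets from `eth + 1` and then walks `HWSIM_IP_LEN - sizeof(ip)` payload octets from `buf`, so both reads are in bounds only if `len` was checked against the full frame size first; the only trace of that check in the hunk is the `return;` above the cast. It is worth confirming that the guard outside the hunk rejects any frame shorter than `sizeof(*eth) + HWSIM_IP_LEN`, since this handler parses data received from the network. A one-line comment at the copy would record why it is a copy and not a cast: `/* IPv4 header follows the 14-octet Ethernet header and is not 32-bit aligned */`. hostapd_data_test_rx() is identical and would take the same comment.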