mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
Avoid misaligned IPv4 header accesses in DATA_TEST_* commands
The IPv4 header after the Ethernet header is not 32-bit aligned and the previous version ended up accessing 32-bit members at misaligned addresses. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
476a634d60
commit
75352270fa
@ -1528,7 +1528,7 @@ void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf,
|
||||
{
|
||||
struct hostapd_data *hapd = ctx;
|
||||
const struct ether_header *eth;
|
||||
const struct iphdr *ip;
|
||||
struct iphdr ip;
|
||||
const u8 *pos;
|
||||
unsigned int i;
|
||||
|
||||
@ -1536,14 +1536,14 @@ void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf,
|
||||
return;
|
||||
|
||||
eth = (const struct ether_header *) buf;
|
||||
ip = (const struct iphdr *) (eth + 1);
|
||||
pos = (const u8 *) (ip + 1);
|
||||
os_memcpy(&ip, eth + 1, sizeof(ip));
|
||||
pos = &buf[sizeof(*eth) + sizeof(ip)];
|
||||
|
||||
if (ip->ihl != 5 || ip->version != 4 ||
|
||||
ntohs(ip->tot_len) != HWSIM_IP_LEN)
|
||||
if (ip.ihl != 5 || ip.version != 4 ||
|
||||
ntohs(ip.tot_len) != HWSIM_IP_LEN)
|
||||
return;
|
||||
|
||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) {
|
||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) {
|
||||
if (*pos != (u8) i)
|
||||
return;
|
||||
pos++;
|
||||
@ -1599,7 +1599,7 @@ static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
|
||||
int used;
|
||||
long int val;
|
||||
u8 tos;
|
||||
u8 buf[HWSIM_PACKETLEN];
|
||||
u8 buf[2 + HWSIM_PACKETLEN];
|
||||
struct ether_header *eth;
|
||||
struct iphdr *ip;
|
||||
u8 *dpos;
|
||||
@ -1627,7 +1627,7 @@ static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
|
||||
return -1;
|
||||
tos = val;
|
||||
|
||||
eth = (struct ether_header *) buf;
|
||||
eth = (struct ether_header *) &buf[2];
|
||||
os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
|
||||
os_memcpy(eth->ether_shost, src, ETH_ALEN);
|
||||
eth->ether_type = htons(ETHERTYPE_IP);
|
||||
@ -1646,7 +1646,7 @@ static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
|
||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
|
||||
*dpos++ = i;
|
||||
|
||||
if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, buf,
|
||||
if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, &buf[2],
|
||||
HWSIM_PACKETLEN) < 0)
|
||||
return -1;
|
||||
|
||||
|
@ -7364,7 +7364,7 @@ void wpas_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
|
||||
{
|
||||
struct wpa_supplicant *wpa_s = ctx;
|
||||
const struct ether_header *eth;
|
||||
const struct iphdr *ip;
|
||||
struct iphdr ip;
|
||||
const u8 *pos;
|
||||
unsigned int i;
|
||||
|
||||
@ -7372,14 +7372,14 @@ void wpas_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
|
||||
return;
|
||||
|
||||
eth = (const struct ether_header *) buf;
|
||||
ip = (const struct iphdr *) (eth + 1);
|
||||
pos = (const u8 *) (ip + 1);
|
||||
os_memcpy(&ip, eth + 1, sizeof(ip));
|
||||
pos = &buf[sizeof(*eth) + sizeof(ip)];
|
||||
|
||||
if (ip->ihl != 5 || ip->version != 4 ||
|
||||
ntohs(ip->tot_len) != HWSIM_IP_LEN)
|
||||
if (ip.ihl != 5 || ip.version != 4 ||
|
||||
ntohs(ip.tot_len) != HWSIM_IP_LEN)
|
||||
return;
|
||||
|
||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) {
|
||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) {
|
||||
if (*pos != (u8) i)
|
||||
return;
|
||||
pos++;
|
||||
@ -7426,7 +7426,7 @@ static int wpas_ctrl_iface_data_test_tx(struct wpa_supplicant *wpa_s, char *cmd)
|
||||
int used;
|
||||
long int val;
|
||||
u8 tos;
|
||||
u8 buf[HWSIM_PACKETLEN];
|
||||
u8 buf[2 + HWSIM_PACKETLEN];
|
||||
struct ether_header *eth;
|
||||
struct iphdr *ip;
|
||||
u8 *dpos;
|
||||
@ -7454,7 +7454,7 @@ static int wpas_ctrl_iface_data_test_tx(struct wpa_supplicant *wpa_s, char *cmd)
|
||||
return -1;
|
||||
tos = val;
|
||||
|
||||
eth = (struct ether_header *) buf;
|
||||
eth = (struct ether_header *) &buf[2];
|
||||
os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
|
||||
os_memcpy(eth->ether_shost, src, ETH_ALEN);
|
||||
eth->ether_type = htons(ETHERTYPE_IP);
|
||||
@ -7473,7 +7473,7 @@ static int wpas_ctrl_iface_data_test_tx(struct wpa_supplicant *wpa_s, char *cmd)
|
||||
for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
|
||||
*dpos++ = i;
|
||||
|
||||
if (l2_packet_send(wpa_s->l2_test, dst, ETHERTYPE_IP, buf,
|
||||
if (l2_packet_send(wpa_s->l2_test, dst, ETHERTYPE_IP, &buf[2],
|
||||
HWSIM_PACKETLEN) < 0)
|
||||
return -1;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user