Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 08:48:31 -05:00
Code Issues Projects Releases Wiki Activity

WPS: Remove parent pointer from advertisement state machine

Browse Source
This commit is contained in:
Jouni Malinen 2009-12-19 14:51:36 +02:00
parent 158aff0035
commit a9f92c487f
2 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/wps/wps_upnp_i.h
View File

@ -50,7 +50,6 @@ enum advertisement_type_enum {
*/ */
struct advertisement_state_machine { struct advertisement_state_machine {
struct dl_list list; struct dl_list list;
struct upnp_wps_device_sm *sm; /* parent */
enum advertisement_type_enum type; enum advertisement_type_enum type;
int state; int state;
int nerrors; int nerrors;

22
src/wps/wps_upnp_ssdp.c
View File

@ -130,14 +130,15 @@ static int str_starts(const char *str, const char *start)
* Note: next_advertisement is shared code with msearchreply_* functions * Note: next_advertisement is shared code with msearchreply_* functions
*/ */
static struct wpabuf * static struct wpabuf *
next_advertisement(struct advertisement_state_machine *a, int *islast) next_advertisement(struct upnp_wps_device_sm *sm,
struct advertisement_state_machine *a, int *islast)
{ {
struct wpabuf *msg; struct wpabuf *msg;
char *NTString = ""; char *NTString = "";
char uuid_string[80]; char uuid_string[80];
*islast = 0; *islast = 0;
uuid_bin2str(a->sm->wps->uuid, uuid_string, sizeof(uuid_string)); uuid_bin2str(sm->wps->uuid, uuid_string, sizeof(uuid_string));
msg = wpabuf_alloc(800); /* more than big enough */ msg = wpabuf_alloc(800); /* more than big enough */
if (msg == NULL) if (msg == NULL)
goto fail; goto fail;
@ -171,7 +172,7 @@ next_advertisement(struct advertisement_state_machine *a, int *islast)
if (a->type != ADVERTISE_DOWN) { if (a->type != ADVERTISE_DOWN) {
/* Where others may get our XML files from */ /* Where others may get our XML files from */
wpabuf_printf(msg, "LOCATION: http://%s:%d/%s\r\n", wpabuf_printf(msg, "LOCATION: http://%s:%d/%s\r\n",
a->sm->ip_addr_text, a->sm->web_port, sm->ip_addr_text, sm->web_port,
UPNP_WPS_DEVICE_XML_FILE); UPNP_WPS_DEVICE_XML_FILE);
} }
@ -244,7 +245,6 @@ void advertisement_state_machine_stop(struct upnp_wps_device_sm *sm,
a->type = ADVERTISE_DOWN; a->type = ADVERTISE_DOWN;
a->state = 0; a->state = 0;
a->sm = sm;
os_memset(&dest, 0, sizeof(dest)); os_memset(&dest, 0, sizeof(dest));
dest.sin_family = AF_INET; dest.sin_family = AF_INET;
@ -252,7 +252,7 @@ void advertisement_state_machine_stop(struct upnp_wps_device_sm *sm,
dest.sin_port = htons(UPNP_MULTICAST_PORT); dest.sin_port = htons(UPNP_MULTICAST_PORT);
while (!islast) { while (!islast) {
msg = next_advertisement(a, &islast); msg = next_advertisement(sm, a, &islast);
if (msg == NULL) if (msg == NULL)
break; break;
if (sendto(sm->multicast_sd, wpabuf_head(msg), wpabuf_len(msg), if (sendto(sm->multicast_sd, wpabuf_head(msg), wpabuf_len(msg),
@ -291,7 +291,7 @@ static void advertisement_state_machine_handler(void *eloop_data,
*/ */
wpa_printf(MSG_MSGDUMP, "WPS UPnP: Advertisement state=%d", a->state); wpa_printf(MSG_MSGDUMP, "WPS UPnP: Advertisement state=%d", a->state);
msg = next_advertisement(a, &islast); msg = next_advertisement(sm, a, &islast);
if (msg == NULL) if (msg == NULL)
return; return;
@ -356,7 +356,6 @@ int advertisement_state_machine_start(struct upnp_wps_device_sm *sm)
*/ */
a->type = ADVERTISE_DOWN; a->type = ADVERTISE_DOWN;
a->state = 0; a->state = 0;
a->sm = sm;
/* (other fields not used here) */ /* (other fields not used here) */
/* First timeout should be random interval < 100 msec */ /* First timeout should be random interval < 100 msec */
@ -375,10 +374,6 @@ int advertisement_state_machine_start(struct upnp_wps_device_sm *sm)
* They are sent in response to a UDP M-SEARCH packet. * They are sent in response to a UDP M-SEARCH packet.
**************************************************************************/ **************************************************************************/
static void msearchreply_state_machine_handler(void *eloop_data,
void *user_ctx);
/** /**
* msearchreply_state_machine_stop - Stop M-SEARCH reply state machine * msearchreply_state_machine_stop - Stop M-SEARCH reply state machine
* @a: Selected advertisement/reply state * @a: Selected advertisement/reply state
@ -395,7 +390,7 @@ static void msearchreply_state_machine_handler(void *eloop_data,
void *user_ctx) void *user_ctx)
{ {
struct advertisement_state_machine *a = user_ctx; struct advertisement_state_machine *a = user_ctx;
struct upnp_wps_device_sm *sm = a->sm; struct upnp_wps_device_sm *sm = eloop_data;
struct wpabuf *msg; struct wpabuf *msg;
int next_timeout_msec = 100; int next_timeout_msec = 100;
int next_timeout_sec = 0; int next_timeout_sec = 0;
@ -413,7 +408,7 @@ static void msearchreply_state_machine_handler(void *eloop_data,
wpa_printf(MSG_MSGDUMP, "WPS UPnP: M-SEARCH reply state=%d (%s:%d)", wpa_printf(MSG_MSGDUMP, "WPS UPnP: M-SEARCH reply state=%d (%s:%d)",
a->state, inet_ntoa(a->client.sin_addr), a->state, inet_ntoa(a->client.sin_addr),
ntohs(a->client.sin_port)); ntohs(a->client.sin_port));
msg = next_advertisement(a, &islast); msg = next_advertisement(sm, a, &islast);
if (msg == NULL) if (msg == NULL)
return; return;
@ -483,7 +478,6 @@ static void msearchreply_state_machine_start(struct upnp_wps_device_sm *sm,
return; return;
a->type = MSEARCH_REPLY; a->type = MSEARCH_REPLY;
a->state = 0; a->state = 0;
a->sm = sm;
os_memcpy(&a->client, client, sizeof(*client)); os_memcpy(&a->client, client, sizeof(*client));
/* Wait time depending on MX value */ /* Wait time depending on MX value */
next_timeout_msec = (1000 * mx * (os_random() & 0xFF)) >> 8; next_timeout_msec = (1000 * mx * (os_random() & 0xFF)) >> 8;