Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-30 08:44:03 -05:00
Code Issues Projects Releases Wiki Activity

FST: Validate STIE header in FST Setup Request/Response

Browse Source 
While this is always supposed to be the first element, check that this
is indeed the case instead of blindly using values from within the
element.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-07-26 10:54:58 +03:00
parent e49f535dc5
commit b019955297
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/fst/fst_session.c
View File

@ -376,6 +376,12 @@ static void fst_session_handle_setup_request(struct fst_iface *iface,
plen = frame_len - IEEE80211_HDRLEN - 1; plen = frame_len - IEEE80211_HDRLEN - 1;
req = (const struct fst_setup_req *) req = (const struct fst_setup_req *)
(((const u8 *) mgmt) + IEEE80211_HDRLEN + 1); (((const u8 *) mgmt) + IEEE80211_HDRLEN + 1);
if (req->stie.element_id != WLAN_EID_SESSION_TRANSITION ||
req->stie.length < 11) {
fst_printf_iface(iface, MSG_WARNING,
"FST Request dropped: invalid STIE");
return;
}
if (req->stie.new_band_id == req->stie.old_band_id) { if (req->stie.new_band_id == req->stie.old_band_id) {
fst_printf_iface(iface, MSG_WARNING, fst_printf_iface(iface, MSG_WARNING,
@ -539,6 +545,12 @@ static void fst_session_handle_setup_response(struct fst_session *s,
} }
res = (const struct fst_setup_res *) res = (const struct fst_setup_res *)
(((const u8 *) mgmt) + IEEE80211_HDRLEN + 1); (((const u8 *) mgmt) + IEEE80211_HDRLEN + 1);
if (res->stie.element_id != WLAN_EID_SESSION_TRANSITION ||
res->stie.length < 11) {
fst_printf_iface(iface, MSG_WARNING,
"FST Response dropped: invalid STIE");
return;
}
if (res->dialog_token != s->data.pending_setup_req_dlgt) { if (res->dialog_token != s->data.pending_setup_req_dlgt) {
fst_printf_session(s, MSG_WARNING, fst_printf_session(s, MSG_WARNING,