mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
Simplify Timeout Interval element parsing
Remove the length field from struct ieee802_11_elems since the only allowed element length is five and that is checked by the parser. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
e8997b9407
commit
b39a05913a
@ -263,7 +263,6 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
|
||||
if (elen != 5)
|
||||
break;
|
||||
elems->timeout_int = pos;
|
||||
elems->timeout_int_len = elen;
|
||||
break;
|
||||
case WLAN_EID_HT_CAP:
|
||||
elems->ht_capabilities = pos;
|
||||
|
@ -61,7 +61,6 @@ struct ieee802_11_elems {
|
||||
u8 supp_channels_len;
|
||||
u8 mdie_len;
|
||||
u8 ftie_len;
|
||||
u8 timeout_int_len;
|
||||
u8 ht_capabilities_len;
|
||||
u8 ht_operation_len;
|
||||
u8 mesh_config_len;
|
||||
|
@ -348,7 +348,6 @@ static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
|
||||
"AssocResp from " MACSTR,
|
||||
MAC2STR(mgmt->sa));
|
||||
} else if (elems.timeout_int == NULL ||
|
||||
elems.timeout_int_len != 5 ||
|
||||
elems.timeout_int[0] !=
|
||||
WLAN_TIMEOUT_ASSOC_COMEBACK) {
|
||||
add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
|
||||
@ -481,7 +480,6 @@ static void rx_mgmt_reassoc_resp(struct wlantest *wt, const u8 *data,
|
||||
"ReassocResp from " MACSTR,
|
||||
MAC2STR(mgmt->sa));
|
||||
} else if (elems.timeout_int == NULL ||
|
||||
elems.timeout_int_len != 5 ||
|
||||
elems.timeout_int[0] !=
|
||||
WLAN_TIMEOUT_ASSOC_COMEBACK) {
|
||||
add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
|
||||
|
@ -147,7 +147,7 @@ static int tdls_verify_mic(struct wlantest *wt, struct wlantest_tdls *tdls,
|
||||
return -1;
|
||||
|
||||
len = 2 * ETH_ALEN + 1 + 2 + 18 + 2 + elems->rsn_ie_len +
|
||||
2 + elems->timeout_int_len + 2 + elems->ftie_len;
|
||||
2 + 5 + 2 + elems->ftie_len;
|
||||
|
||||
buf = os_zalloc(len);
|
||||
if (buf == NULL)
|
||||
@ -169,8 +169,8 @@ static int tdls_verify_mic(struct wlantest *wt, struct wlantest_tdls *tdls,
|
||||
os_memcpy(pos, elems->rsn_ie - 2, 2 + elems->rsn_ie_len);
|
||||
pos += 2 + elems->rsn_ie_len;
|
||||
/* 6) Timeout Interval IE */
|
||||
os_memcpy(pos, elems->timeout_int - 2, 2 + elems->timeout_int_len);
|
||||
pos += 2 + elems->timeout_int_len;
|
||||
os_memcpy(pos, elems->timeout_int - 2, 2 + 5);
|
||||
pos += 2 + 5;
|
||||
/* 7) FTIE, with the MIC field of the FTIE set to 0 */
|
||||
os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
|
||||
pos += 2;
|
||||
|
Loading…
Reference in New Issue
Block a user