tests: Skip malformed SAE authentication frames

The parsed 'length' field might pointsbeyond the end of the frame, for
some malformed frames. I haven't figured the source of said packets (I'm
using kernel 4.14.177, FWIW), but we can at least be safer about our
handling of them here.

Signed-off-by: Brian Norris <briannorris@chromium.org>
This commit is contained in:
Brian Norris 2020-06-08 16:47:53 -07:00 committed by Jouni Malinen
parent 2f9e2f9044
commit ddd821365a

View File

@ -1788,8 +1788,10 @@ def build_sae_commit(bssid, addr, group=21, token=None):
def sae_rx_commit_token_req(sock, radiotap, send_two=False):
msg = sock.recv(1500)
ver, pad, len, present = struct.unpack('<BBHL', msg[0:8])
frame = msg[len:]
ver, pad, length, present = struct.unpack('<BBHL', msg[0:8])
frame = msg[length:]
if len(frame) < 4:
return False
fc, duration = struct.unpack('<HH', frame[0:4])
if fc != 0xb0:
return False