mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 02:38:22 -05:00
Use more consistent Action frame RX handling in both AP mode paths
Both handle_action() and hostapd_action_rx() are used for processing received Action frames depending on what type of driver architecture is used (MLME in hostapd vs. driver) and which build options were used to build hostapd. These functions had a bit different sequence for checking the frame and printing debug prints. Make those more consistent by checking that the frame includes the category-specific action field and some payload. Add a debug print for both functions to make it easier to see which path various Action frames use. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
ff50101139
commit
e0785ebbbd
@ -1072,19 +1072,23 @@ static void hostapd_action_rx(struct hostapd_data *hapd,
|
|||||||
struct sta_info *sta;
|
struct sta_info *sta;
|
||||||
size_t plen __maybe_unused;
|
size_t plen __maybe_unused;
|
||||||
u16 fc;
|
u16 fc;
|
||||||
|
u8 *action __maybe_unused;
|
||||||
|
|
||||||
if (drv_mgmt->frame_len < 24 + 1)
|
if (drv_mgmt->frame_len < IEEE80211_HDRLEN + 2 + 1)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
plen = drv_mgmt->frame_len - 24 - 1;
|
plen = drv_mgmt->frame_len - IEEE80211_HDRLEN - 1;
|
||||||
|
|
||||||
mgmt = (struct ieee80211_mgmt *) drv_mgmt->frame;
|
mgmt = (struct ieee80211_mgmt *) drv_mgmt->frame;
|
||||||
fc = le_to_host16(mgmt->frame_control);
|
fc = le_to_host16(mgmt->frame_control);
|
||||||
if (WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
|
if (WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
|
||||||
return; /* handled by the driver */
|
return; /* handled by the driver */
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "RX_ACTION cat %d action plen %d",
|
action = (u8 *) &mgmt->u.action.u;
|
||||||
mgmt->u.action.category, (int) plen);
|
wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR
|
||||||
|
" da " MACSTR " plen %d",
|
||||||
|
mgmt->u.action.category, *action,
|
||||||
|
MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) plen);
|
||||||
|
|
||||||
sta = ap_get_sta(hapd, mgmt->sa);
|
sta = ap_get_sta(hapd, mgmt->sa);
|
||||||
if (sta == NULL) {
|
if (sta == NULL) {
|
||||||
|
@ -3752,9 +3752,9 @@ static int handle_action(struct hostapd_data *hapd,
|
|||||||
unsigned int freq)
|
unsigned int freq)
|
||||||
{
|
{
|
||||||
struct sta_info *sta;
|
struct sta_info *sta;
|
||||||
sta = ap_get_sta(hapd, mgmt->sa);
|
u8 *action __maybe_unused;
|
||||||
|
|
||||||
if (len < IEEE80211_HDRLEN + 1) {
|
if (len < IEEE80211_HDRLEN + 2 + 1) {
|
||||||
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
||||||
HOSTAPD_LEVEL_DEBUG,
|
HOSTAPD_LEVEL_DEBUG,
|
||||||
"handle_action - too short payload (len=%lu)",
|
"handle_action - too short payload (len=%lu)",
|
||||||
@ -3762,6 +3762,14 @@ static int handle_action(struct hostapd_data *hapd,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
action = (u8 *) &mgmt->u.action.u;
|
||||||
|
wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR
|
||||||
|
" da " MACSTR " len %d freq %u",
|
||||||
|
mgmt->u.action.category, *action,
|
||||||
|
MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) len, freq);
|
||||||
|
|
||||||
|
sta = ap_get_sta(hapd, mgmt->sa);
|
||||||
|
|
||||||
if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
|
if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
|
||||||
(sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
|
(sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
|
||||||
wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
|
||||||
|
Loading…
Reference in New Issue
Block a user