From f3b9ed70c5a269826d0232870788b3fdf89d4d26 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 13 Nov 2010 13:14:09 +0200 Subject: [PATCH] wlantest: Validate MMIE KeyID reserved bits --- wlantest/rx_mgmt.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c index 27120df5a..4ee376c39 100644 --- a/wlantest/rx_mgmt.c +++ b/wlantest/rx_mgmt.c @@ -587,7 +587,7 @@ static int check_bip(struct wlantest *wt, const u8 *data, size_t len) const struct ieee80211_mgmt *mgmt; u16 fc, stype; const u8 *mmie; - int keyid; + u16 keyid; struct wlantest_bss *bss; mgmt = (const struct ieee80211_mgmt *) data; @@ -619,6 +619,11 @@ static int check_bip(struct wlantest *wt, const u8 *data, size_t len) mmie = data + len - 16; keyid = WPA_GET_LE16(mmie); + if (keyid & 0xf000) { + wpa_printf(MSG_INFO, "MMIE KeyID reserved bits not zero " + "(%04x) from " MACSTR, keyid, MAC2STR(mgmt->sa)); + keyid &= 0x0fff; + } if (keyid < 4 || keyid > 5) { wpa_printf(MSG_INFO, "Unexpected MMIE KeyID %u from " MACSTR, keyid, MAC2STR(mgmt->sa));