mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
Simplify DSSS Parameter Set element parsing
Check the element length in the parser and remove the length field from struct ieee802_11_elems since the only allowed element length is one. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
ae7a42bde2
commit
f87c99c787
@ -198,7 +198,7 @@ void ap_list_process_beacon(struct hostapd_iface *iface,
|
|||||||
else
|
else
|
||||||
ap->erp = -1;
|
ap->erp = -1;
|
||||||
|
|
||||||
if (elems->ds_params && elems->ds_params_len == 1)
|
if (elems->ds_params)
|
||||||
ap->channel = elems->ds_params[0];
|
ap->channel = elems->ds_params[0];
|
||||||
else if (elems->ht_operation && elems->ht_operation_len >= 1)
|
else if (elems->ht_operation && elems->ht_operation_len >= 1)
|
||||||
ap->channel = elems->ht_operation[0];
|
ap->channel = elems->ht_operation[0];
|
||||||
|
@ -588,7 +588,7 @@ void handle_probe_req(struct hostapd_data *hapd,
|
|||||||
* is less likely to see them (Probe Request frame sent on a
|
* is less likely to see them (Probe Request frame sent on a
|
||||||
* neighboring, but partially overlapping, channel).
|
* neighboring, but partially overlapping, channel).
|
||||||
*/
|
*/
|
||||||
if (elems.ds_params && elems.ds_params_len == 1 &&
|
if (elems.ds_params &&
|
||||||
hapd->iface->current_mode &&
|
hapd->iface->current_mode &&
|
||||||
(hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G ||
|
(hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G ||
|
||||||
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211B) &&
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211B) &&
|
||||||
|
@ -211,8 +211,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
|
|||||||
elems->supp_rates_len = elen;
|
elems->supp_rates_len = elen;
|
||||||
break;
|
break;
|
||||||
case WLAN_EID_DS_PARAMS:
|
case WLAN_EID_DS_PARAMS:
|
||||||
|
if (elen < 1)
|
||||||
|
break;
|
||||||
elems->ds_params = pos;
|
elems->ds_params = pos;
|
||||||
elems->ds_params_len = elen;
|
|
||||||
break;
|
break;
|
||||||
case WLAN_EID_CF_PARAMS:
|
case WLAN_EID_CF_PARAMS:
|
||||||
case WLAN_EID_TIM:
|
case WLAN_EID_TIM:
|
||||||
|
@ -51,7 +51,6 @@ struct ieee802_11_elems {
|
|||||||
|
|
||||||
u8 ssid_len;
|
u8 ssid_len;
|
||||||
u8 supp_rates_len;
|
u8 supp_rates_len;
|
||||||
u8 ds_params_len;
|
|
||||||
u8 challenge_len;
|
u8 challenge_len;
|
||||||
u8 erp_info_len;
|
u8 erp_info_len;
|
||||||
u8 ext_supp_rates_len;
|
u8 ext_supp_rates_len;
|
||||||
|
@ -516,7 +516,7 @@ int p2p_parse_ies(const u8 *data, size_t len, struct p2p_message *msg)
|
|||||||
struct ieee802_11_elems elems;
|
struct ieee802_11_elems elems;
|
||||||
|
|
||||||
ieee802_11_parse_elems(data, len, &elems, 0);
|
ieee802_11_parse_elems(data, len, &elems, 0);
|
||||||
if (elems.ds_params && elems.ds_params_len >= 1)
|
if (elems.ds_params)
|
||||||
msg->ds_params = elems.ds_params;
|
msg->ds_params = elems.ds_params;
|
||||||
if (elems.ssid)
|
if (elems.ssid)
|
||||||
msg->ssid = elems.ssid - 2;
|
msg->ssid = elems.ssid - 2;
|
||||||
|
Loading…
Reference in New Issue
Block a user