mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 08:48:31 -05:00
8b423edbd3
By analysing objdump output some read only structures were found in .data section. To help compiler further optimize code declare these as const. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
117 lines
2.2 KiB
C
117 lines
2.2 KiB
C
/*
|
|
* hostapd - Management frame fuzzer
|
|
* Copyright (c) 2015, Jouni Malinen <j@w1.fi>
|
|
*
|
|
* This software may be distributed under the terms of the BSD license.
|
|
* See README for more details.
|
|
*/
|
|
|
|
#include "utils/includes.h"
|
|
|
|
#include "utils/common.h"
|
|
#include "utils/eloop.h"
|
|
#include "ap/hostapd.h"
|
|
#include "ap/ieee802_11.h"
|
|
|
|
|
|
const struct wpa_driver_ops *const wpa_drivers[] =
|
|
{
|
|
NULL
|
|
};
|
|
|
|
|
|
struct arg_ctx {
|
|
const char *fname;
|
|
struct hostapd_iface iface;
|
|
struct hostapd_data hapd;
|
|
struct wpa_driver_ops driver;
|
|
struct hostapd_config iconf;
|
|
struct hostapd_bss_config conf;
|
|
};
|
|
|
|
|
|
static void test_send_mgmt(void *eloop_data, void *user_ctx)
|
|
{
|
|
struct arg_ctx *ctx = eloop_data;
|
|
char *data;
|
|
size_t len;
|
|
struct hostapd_frame_info fi;
|
|
|
|
wpa_printf(MSG_INFO, "ap-mgmt-fuzzer: Send '%s'", ctx->fname);
|
|
|
|
data = os_readfile(ctx->fname, &len);
|
|
if (!data) {
|
|
wpa_printf(MSG_ERROR, "Could not read '%s'", ctx->fname);
|
|
goto out;
|
|
}
|
|
|
|
wpa_hexdump(MSG_MSGDUMP, "fuzzer - WNM", data, len);
|
|
|
|
os_memset(&fi, 0, sizeof(fi));
|
|
ieee802_11_mgmt(&ctx->hapd, (u8 *) data, len, &fi);
|
|
|
|
out:
|
|
os_free(data);
|
|
eloop_terminate();
|
|
}
|
|
|
|
|
|
static int init_hapd(struct arg_ctx *ctx)
|
|
{
|
|
struct hostapd_data *hapd = &ctx->hapd;
|
|
|
|
hapd->driver = &ctx->driver;
|
|
os_memcpy(hapd->own_addr, "\x02\x00\x00\x00\x03\x00", ETH_ALEN);
|
|
hapd->iface = &ctx->iface;
|
|
hapd->iface->conf = hostapd_config_defaults();;
|
|
if (!hapd->iface->conf)
|
|
return -1;
|
|
hapd->iconf = hapd->iface->conf;
|
|
hapd->conf = hapd->iconf->bss[0];
|
|
hostapd_config_defaults_bss(hapd->conf);
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
struct arg_ctx ctx;
|
|
int ret = -1;
|
|
|
|
if (argc < 2) {
|
|
printf("usage: %s <file>\n", argv[0]);
|
|
return -1;
|
|
}
|
|
|
|
if (os_program_init())
|
|
return -1;
|
|
|
|
wpa_debug_level = 0;
|
|
wpa_debug_show_keys = 1;
|
|
|
|
if (eloop_init()) {
|
|
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
|
|
return -1;
|
|
}
|
|
|
|
os_memset(&ctx, 0, sizeof(ctx));
|
|
ctx.fname = argv[1];
|
|
if (init_hapd(&ctx))
|
|
goto fail;
|
|
|
|
eloop_register_timeout(0, 0, test_send_mgmt, &ctx, NULL);
|
|
|
|
wpa_printf(MSG_DEBUG, "Starting eloop");
|
|
eloop_run();
|
|
wpa_printf(MSG_DEBUG, "eloop done");
|
|
|
|
ret = 0;
|
|
fail:
|
|
hostapd_config_free(ctx.hapd.iconf);
|
|
eloop_destroy();
|
|
os_program_deinit();
|
|
|
|
return ret;
|
|
}
|