From 80d41221599b9bcf21dddbd1573ea7e84ae0c913 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 14 Mar 2020 17:31:57 +0200
Subject: [PATCH] wlantest: Detect and report plaintext payload in protected frames
Signed-off-by: Jouni Malinen
---
 wlantest/readpcap.c | 1 +
 wlantest/rx_data.c | 19 +++++++++++++++++++
 wlantest/wlantest.h | 1 +
 3 files changed, 21 insertions(+)
diff --git a/wlantest/readpcap.c b/wlantest/readpcap.c
index 6c3853b05..1e7e66260 100644
--- a/wlantest/readpcap.c
+++ b/wlantest/readpcap.c
@@ -92,6 +92,7 @@ int read_cap_file(struct wlantest *wt, const char *fname)
 }
 /* Packet was read without problems */
+ wt->frame_num++;
 wpa_printf(MSG_EXCESSIVE, "pcap hdr: ts=%d.%06d " "len=%u/%u", (int) hdr->ts.tv_sec, (int) hdr->ts.tv_usec,
diff --git a/wlantest/rx_data.c b/wlantest/rx_data.c
index f0f0df95c..d86a5886c 100644
--- a/wlantest/rx_data.c
+++ b/wlantest/rx_data.c
@@ -191,6 +191,23 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
 }
+static void check_plaintext_prot(struct wlantest *wt,
+ const struct ieee80211_hdr *hdr,
+ const u8 *data, size_t len)
+{
+ if (len < 8 + 3 || data[8] != 0xaa || data[9] != 0xaa ||
+ data[10] != 0x03)
+ return;
+
+ add_note(wt, MSG_DEBUG,
+ "Plaintext payload in protected frame");
+ wpa_printf(MSG_INFO, "Plaintext payload in protected frame #%u: A2="
+ MACSTR " seq=%u",
+ wt->frame_num, MAC2STR(hdr->addr2),
+ WLAN_GET_SEQ_SEQ(le_to_host16(hdr->seq_ctrl)));
+}
+
+
 static void rx_data_bss_prot_group(struct wlantest *wt, const struct ieee80211_hdr *hdr, size_t hdrlen,
@@ -241,6 +258,7 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
 }
 }
+ check_plaintext_prot(wt, hdr, data, len);
 keyid = data[3] >> 6;
 if (bss->gtk_len[keyid] == 0 && bss->group_cipher != WPA_CIPHER_WEP40) {
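Review bot: In the readpcap.c hunk, `wt->frame_num` is advanced only inside read_cap_file(), and this commit touches no other input path. If frames can reach the rx_data.c handlers from another reader (a live capture, for example), the `#%u` in the new log line would presumably print 0 or a stale value. Either increment the counter at the common frame-processing entry point or state the limitation on the field in wlantest.h, e.g. `unsigned int frame_num; /* index of the current frame in the capture file being read */`. read_cap_file's body continues outside the hunk.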
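Review bot: In check_plaintext_prot() (rx_data.c), the LLC/SNAP test is hard-wired to offset 8, which fits the 8-octet TKIP/CCMP/GCMP header but not the 4-octet WEP IV. Both call sites, rx_data_bss_prot_group() in this file section and rx_data_bss_prot() in the following hunk, invoke it before any cipher is selected, even though the conditions right after them handle `WPA_CIPHER_WEP40`. A plaintext payload behind a WEP header, or one sent with the Protected bit set and no security header at all, would presumably go unreported; if those cases are in scope, also testing offsets 4 and 0 would close the detection gap. The magic numbers also need a comment, for example `/* 8-octet security header followed by LLC/SNAP (AA AA 03): payload was not encrypted */`. Both callers start and end outside their hunks, so earlier return paths that skip the check cannot be ruled out from here.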
@@ -401,6 +419,7 @@ static void rx_data_bss_prot(struct wlantest *wt,
 tdls = found;
 }
 }
+ check_plaintext_prot(wt, hdr, data, len);
 if ((sta == NULL || (!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) && tk == NULL) {
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index 2cf51966a..e2395d033 100644
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
@@ -195,6 +195,7 @@ struct wlantest {
 unsigned int rx_ctrl;
 unsigned int rx_data;
 unsigned int fcs_error;
+ unsigned int frame_num;
 void *write_pcap; /* pcap_t* */
 void *write_pcap_dumper; /* pcpa_dumper_t */