DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

wlantest: Defragment the Per-STA Profile subelement

Browse source 
This subelement within the Basic MLE Link Info can be long enough to
require fragmentation, so defragment it before parsing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2023-09-01 18:53:56 +03:00 committed by Jouni Malinen
parent 990600753d
commit de043ec01a
1 changed files with 29 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
wlantest/rx_mgmt.c
View file

@ -64,6 +64,7 @@ static void parse_basic_ml(const u8 *ie, size_t len, bool ap,
const u8 *pos, *end, *ci_end, *info_end, *li_end; const u8 *pos, *end, *ci_end, *info_end, *li_end;
u16 ctrl, eml, cap; u16 ctrl, eml, cap;
const struct element *elem; const struct element *elem;
struct wpabuf *profile = NULL;
wpa_hexdump(MSG_MSGDUMP, "Basic MLE", ie, len); wpa_hexdump(MSG_MSGDUMP, "Basic MLE", ie, len);
pos = ie; pos = ie;
@ -209,6 +210,11 @@ static void parse_basic_ml(const u8 *ie, size_t len, bool ap,
li_end = end; li_end = end;
for_each_element(elem, pos, li_end - pos) { for_each_element(elem, pos, li_end - pos) {
u8 link_id; u8 link_id;
const u8 *fpos;
u8 flen;
if (elem->id == EHT_ML_SUB_ELEM_FRAGMENT)
continue;
if (elem->id != EHT_ML_SUB_ELEM_PER_STA_PROFILE) { if (elem->id != EHT_ML_SUB_ELEM_PER_STA_PROFILE) {
wpa_printf(MSG_DEBUG, "Link Info subelement id=%u", wpa_printf(MSG_DEBUG, "Link Info subelement id=%u",
@ -218,8 +224,25 @@ static void parse_basic_ml(const u8 *ie, size_t len, bool ap,
continue; continue;
} }
pos = elem->data; wpabuf_free(profile);
end = pos + elem->datalen; profile = wpabuf_alloc_copy(elem->data, elem->datalen);
if (!profile)
continue;
flen = elem->datalen;
fpos = elem->data + flen;
while (flen == 255 && li_end - fpos >= 2 &&
*fpos == EHT_ML_SUB_ELEM_FRAGMENT &&
li_end - fpos >= 2 + fpos[1]) {
/* Reassemble truncated subelement */
fpos++;
flen = *fpos++;
if (wpabuf_resize(&profile, flen) < 0)
continue;
wpabuf_put_data(profile, fpos, flen);
fpos += flen;
}
pos = wpabuf_head(profile);
end = pos + wpabuf_len(profile);
if (end - pos < 2) { if (end - pos < 2) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
@ -232,8 +255,8 @@ static void parse_basic_ml(const u8 *ie, size_t len, bool ap,
pos += 2; pos += 2;
link_id = ctrl & BASIC_MLE_STA_CTRL_LINK_ID_MASK; link_id = ctrl & BASIC_MLE_STA_CTRL_LINK_ID_MASK;
wpa_printf(MSG_DEBUG, "Per-STA Profile: len=%u Link_ID=%u Complete=%u Reserved=0x%x", wpa_printf(MSG_DEBUG, "Per-STA Profile: len=%zu Link_ID=%u Complete=%u Reserved=0x%x",
elem->datalen, wpabuf_len(profile),
link_id, link_id,
!!(ctrl & BASIC_MLE_STA_CTRL_COMPLETE_PROFILE), !!(ctrl & BASIC_MLE_STA_CTRL_COMPLETE_PROFILE),
(ctrl & 0xf000) >> 12); (ctrl & 0xf000) >> 12);
@ -341,6 +364,8 @@ static void parse_basic_ml(const u8 *ie, size_t len, bool ap,
wpa_hexdump(MSG_DEBUG, "STA Profile", pos, end - pos); wpa_hexdump(MSG_DEBUG, "STA Profile", pos, end - pos);
} }
wpabuf_free(profile);
} }