Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Simplify Timeout Interval element parsing

Remove the length field from struct ieee802_11_elems since the only
allowed element length is five and that is checked by the parser.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
e8997b9407
commit
b39a05913a
4 changed files with 3 additions and 7 deletions
Split View Show Diff Stats
  1. 0 1
      src/common/ieee802_11_common.c
  2. 0 1
      src/common/ieee802_11_common.h
  3. 0 2
      wlantest/rx_mgmt.c
  4. 3 3
      wlantest/rx_tdls.c

+ 0 - 1
src/common/ieee802_11_common.c
View File 

@@ -263,7 +263,6 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
 
 			if (elen != 5)
 
 				break;
 
 			elems->timeout_int = pos;
 
-			elems->timeout_int_len = elen;
 
 			break;
 
 		case WLAN_EID_HT_CAP:
 
 			elems->ht_capabilities = pos;

+ 0 - 1
src/common/ieee802_11_common.h
View File 

@@ -61,7 +61,6 @@ struct ieee802_11_elems {
 
 	u8 supp_channels_len;
 
 	u8 mdie_len;
 
 	u8 ftie_len;
 
-	u8 timeout_int_len;
 
 	u8 ht_capabilities_len;
 
 	u8 ht_operation_len;
 
 	u8 mesh_config_len;

+ 0 - 2
wlantest/rx_mgmt.c
View File 

@@ -348,7 +348,6 @@ static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
 
 				 "AssocResp from " MACSTR,
 
 				 MAC2STR(mgmt->sa));
 
 		} else if (elems.timeout_int == NULL ||
 
-			   elems.timeout_int_len != 5 ||
 
 			   elems.timeout_int[0] !=
 
 			   WLAN_TIMEOUT_ASSOC_COMEBACK) {
 
 			add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
 
@@ -481,7 +480,6 @@ static void rx_mgmt_reassoc_resp(struct wlantest *wt, const u8 *data,
 
 				 "ReassocResp from " MACSTR,
 
 				 MAC2STR(mgmt->sa));
 
 		} else if (elems.timeout_int == NULL ||
 
-			   elems.timeout_int_len != 5 ||
 
 			   elems.timeout_int[0] !=
 
 			   WLAN_TIMEOUT_ASSOC_COMEBACK) {
 
 			add_note(wt, MSG_INFO, "No valid Timeout Interval IE "

+ 3 - 3
wlantest/rx_tdls.c
View File 

@@ -147,7 +147,7 @@ static int tdls_verify_mic(struct wlantest *wt, struct wlantest_tdls *tdls,
 
 		return -1;
 
 
 	len = 2 * ETH_ALEN + 1 + 2 + 18 + 2 + elems->rsn_ie_len +
 
-		2 + elems->timeout_int_len + 2 + elems->ftie_len;
 
+		2 + 5 + 2 + elems->ftie_len;
 
 
 	buf = os_zalloc(len);
 
 	if (buf == NULL)
 
@@ -169,8 +169,8 @@ static int tdls_verify_mic(struct wlantest *wt, struct wlantest_tdls *tdls,
 
 	os_memcpy(pos, elems->rsn_ie - 2, 2 + elems->rsn_ie_len);
 
 	pos += 2 + elems->rsn_ie_len;
 
 	/* 6) Timeout Interval IE */
 
-	os_memcpy(pos, elems->timeout_int - 2, 2 + elems->timeout_int_len);
 
-	pos += 2 + elems->timeout_int_len;
 
+	os_memcpy(pos, elems->timeout_int - 2, 2 + 5);
 
+	pos += 2 + 5;
 
 	/* 7) FTIE, with the MIC field of the FTIE set to 0 */
 
 	os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
 
 	pos += 2;