wlantest: Allow injection of unprotected frames to unknown BSS
This commit is contained in:
Jouni Malinen
parent
17f6b90056
commit
02b915f689
2 changed files with 17 additions and 7 deletions
|
|
@ -1154,14 +1154,17 @@ static void ctrl_send_(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
|
||||||
}
|
}
|
||||||
|
|
||||||
bss = bss_find(wt, bssid);
|
bss = bss_find(wt, bssid);
|
||||||
if (bss == NULL) {
|
if (bss == NULL && prot != WLANTEST_INJECT_UNPROTECTED) {
|
||||||
wpa_printf(MSG_INFO, "Unknown BSSID");
|
wpa_printf(MSG_INFO, "Unknown BSSID");
|
||||||
ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
|
ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
sta = sta_find(bss, sta_addr);
|
if (bss)
|
||||||
if (sta == NULL) {
|
sta = sta_find(bss, sta_addr);
|
||||||
|
else
|
||||||
|
sta = NULL;
|
||||||
|
if (sta == NULL && prot != WLANTEST_INJECT_UNPROTECTED) {
|
||||||
wpa_printf(MSG_INFO, "Unknown STA address");
|
wpa_printf(MSG_INFO, "Unknown STA address");
|
||||||
ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
|
ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
|
||||||
return;
|
return;
|
||||||
|
|
|
||||||
|
|
@ -326,13 +326,20 @@ int wlantest_inject(struct wlantest *wt, struct wlantest_bss *bss,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (prot != WLANTEST_INJECT_UNPROTECTED &&
|
||||||
|
(bss == NULL || sta == NULL)) {
|
||||||
|
wpa_printf(MSG_INFO, "No BSS/STA information to inject "
|
||||||
|
"protected frames");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
hdr = (struct ieee80211_hdr *) frame;
|
hdr = (struct ieee80211_hdr *) frame;
|
||||||
fc = le_to_host16(hdr->frame_control);
|
fc = le_to_host16(hdr->frame_control);
|
||||||
protectable = WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA ||
|
protectable = WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA ||
|
||||||
is_robust_mgmt(frame, len);
|
is_robust_mgmt(frame, len);
|
||||||
|
|
||||||
if (prot == WLANTEST_INJECT_PROTECTED ||
|
if ((prot == WLANTEST_INJECT_PROTECTED ||
|
||||||
prot == WLANTEST_INJECT_INCORRECT_KEY) {
|
prot == WLANTEST_INJECT_INCORRECT_KEY) && bss) {
|
||||||
if (!sta &&
|
if (!sta &&
|
||||||
((WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
|
((WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
|
||||||
!bss->igtk_set[bss->igtk_idx]) ||
|
!bss->igtk_set[bss->igtk_idx]) ||
|
||||||
|
|
@ -350,7 +357,7 @@ int wlantest_inject(struct wlantest *wt, struct wlantest_bss *bss,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
protect = 1;
|
protect = 1;
|
||||||
} else if (protectable && prot != WLANTEST_INJECT_UNPROTECTED) {
|
} else if (protectable && prot != WLANTEST_INJECT_UNPROTECTED && bss) {
|
||||||
if (sta && sta->ptk_set)
|
if (sta && sta->ptk_set)
|
||||||
protect = 1;
|
protect = 1;
|
||||||
else if (!sta) {
|
else if (!sta) {
|
||||||
|
|
@ -363,7 +370,7 @@ int wlantest_inject(struct wlantest *wt, struct wlantest_bss *bss,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (protect)
|
if (protect && bss)
|
||||||
return wlantest_inject_prot(
|
return wlantest_inject_prot(
|
||||||
wt, bss, sta, frame, len,
|
wt, bss, sta, frame, len,
|
||||||
prot == WLANTEST_INJECT_INCORRECT_KEY);
|
prot == WLANTEST_INJECT_INCORRECT_KEY);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue