wlantest: Validate reserved bits in TKIP/CCMP header
This commit is contained in:
parent
20062114cd
commit
16b8b6eadf
2 changed files with 47 additions and 0 deletions
|
@ -979,6 +979,27 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (bss->group_cipher == WPA_CIPHER_TKIP) {
|
||||||
|
if (data[3] & 0x1f) {
|
||||||
|
wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
|
||||||
|
"non-zero reserved bit",
|
||||||
|
MAC2STR(bss->bssid));
|
||||||
|
}
|
||||||
|
if (data[1] != ((data[0] | 0x20) & 0x7f)) {
|
||||||
|
wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
|
||||||
|
"incorrect WEPSeed[1] (was 0x%x, expected "
|
||||||
|
"0x%x)",
|
||||||
|
MAC2STR(bss->bssid), data[1],
|
||||||
|
(data[0] | 0x20) & 0x7f);
|
||||||
|
}
|
||||||
|
} else if (bss->group_cipher == WPA_CIPHER_CCMP) {
|
||||||
|
if (data[2] != 0 || (data[3] & 0x1f) != 0) {
|
||||||
|
wpa_printf(MSG_INFO, "CCMP frame from " MACSTR " used "
|
||||||
|
"non-zero reserved bit",
|
||||||
|
MAC2STR(bss->bssid));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
keyid = data[3] >> 6;
|
keyid = data[3] >> 6;
|
||||||
if (bss->gtk_len[keyid] == 0) {
|
if (bss->gtk_len[keyid] == 0) {
|
||||||
wpa_printf(MSG_MSGDUMP, "No GTK known to decrypt the frame "
|
wpa_printf(MSG_MSGDUMP, "No GTK known to decrypt the frame "
|
||||||
|
@ -1062,6 +1083,27 @@ static void rx_data_bss_prot(struct wlantest *wt,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (sta->pairwise_cipher == WPA_CIPHER_TKIP) {
|
||||||
|
if (data[3] & 0x1f) {
|
||||||
|
wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
|
||||||
|
"non-zero reserved bit",
|
||||||
|
MAC2STR(hdr->addr2));
|
||||||
|
}
|
||||||
|
if (data[1] != ((data[0] | 0x20) & 0x7f)) {
|
||||||
|
wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
|
||||||
|
"incorrect WEPSeed[1] (was 0x%x, expected "
|
||||||
|
"0x%x)",
|
||||||
|
MAC2STR(hdr->addr2), data[1],
|
||||||
|
(data[0] | 0x20) & 0x7f);
|
||||||
|
}
|
||||||
|
} else if (sta->pairwise_cipher == WPA_CIPHER_CCMP) {
|
||||||
|
if (data[2] != 0 || (data[3] & 0x1f) != 0) {
|
||||||
|
wpa_printf(MSG_INFO, "CCMP frame from " MACSTR " used "
|
||||||
|
"non-zero reserved bit",
|
||||||
|
MAC2STR(hdr->addr2));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
keyid = data[3] >> 6;
|
keyid = data[3] >> 6;
|
||||||
if (keyid != 0) {
|
if (keyid != 0) {
|
||||||
wpa_printf(MSG_INFO, "Unexpected non-zero KeyID %d in "
|
wpa_printf(MSG_INFO, "Unexpected non-zero KeyID %d in "
|
||||||
|
|
|
@ -686,6 +686,11 @@ static u8 * mgmt_ccmp_decrypt(struct wlantest *wt, const u8 *data, size_t len,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (data[24 + 2] != 0 || (data[24 + 3] & 0x1f) != 0) {
|
||||||
|
wpa_printf(MSG_INFO, "CCMP mgmt frame from " MACSTR " used "
|
||||||
|
"non-zero reserved bit", MAC2STR(hdr->addr2));
|
||||||
|
}
|
||||||
|
|
||||||
keyid = data[24 + 3] >> 6;
|
keyid = data[24 + 3] >> 6;
|
||||||
if (keyid != 0) {
|
if (keyid != 0) {
|
||||||
wpa_printf(MSG_INFO, "Unexpected non-zero KeyID %d in "
|
wpa_printf(MSG_INFO, "Unexpected non-zero KeyID %d in "
|
||||||
|
|
Loading…
Reference in a new issue