From 27c77751f76348141b3b1ba1ce4771076df44437 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 22 Dec 2012 12:02:15 +0200
Subject: [PATCH] WNM: Fix BSS Transition Management Request processing

The WNM-Sleep Mode handler took over WNM Action frame processing without addressing the previously implemented WNM handler. Fix this by moving the BSs Transition Management processing into wnm_sta.c to share a single handler function for WNM Action frames.

Signed-hostap: Jouni Malinen
---
wpa_supplicant/events.c | 48 ----------------------------------------
wpa_supplicant/wnm_sta.c | 40 ++++++++++++++++++++++++++++++---
2 files changed, 37 insertions(+), 51 deletions(-)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 441718d7f..baca363f5 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2283,50 +2283,6 @@ static void wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant *wpa_s, } -static void wnm_action_rx(struct wpa_supplicant *wpa_s, struct rx_action *rx) -{ - u8 action, mode; - const u8 *pos, *end; - - if (rx->data == NULL || rx->len == 0) - return; - - pos = rx->data; - end = pos + rx->len; - action = *pos++; - - wpa_printf(MSG_DEBUG, "WNM: RX action %u from " MACSTR, - action, MAC2STR(rx->sa)); - switch (action) { - case WNM_BSS_TRANS_MGMT_REQ: - if (pos + 5 > end) - break; - wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management " - "Request: dialog_token=%u request_mode=0x%x " - "disassoc_timer=%u validity_interval=%u", - pos[0], pos[1], WPA_GET_LE16(pos + 2), pos[4]); - mode = pos[1]; - pos += 5; - if (mode & 0x08) - pos += 12; /* BSS Termination Duration */ - if (mode & 0x10) { - char url[256]; - if (pos + 1 > end || pos + 1 + pos[0] > end) { - wpa_printf(MSG_DEBUG, "WNM: Invalid BSS " - "Transition Management Request " - "(URL)"); - break; - } - os_memcpy(url, pos + 1, pos[0]); - url[pos[0]] = '\0'; - wpa_msg(wpa_s, MSG_INFO, "WNM: ESS Disassociation " - "Imminent - session_info_url=%s", url); - } - break; - } -} - - void wpa_supplicant_event(void *ctx, enum wpa_event_type event, union wpa_event_data *data) { @@ -2729,10 +2685,6 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event, data->rx_action.freq) == 0) break; #endif /* CONFIG_GAS */ - if (data->rx_action.category == WLAN_ACTION_WNM) { - wnm_action_rx(wpa_s, &data->rx_action); - break; - } #ifdef CONFIG_TDLS if (data->rx_action.category == WLAN_ACTION_PUBLIC && data->rx_action.len >= 4 && diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c index 315722b8c..45c0aa84e 100644 --- a/wpa_supplicant/wnm_sta.c +++ b/wpa_supplicant/wnm_sta.c 
@@ -296,11 +296,45 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, void ieee802_11_rx_wnm_action(struct wpa_supplicant *wpa_s, struct rx_action *action) { - u8 *pos = (u8 *) action->data; /* point to action field */ - u8 act = *pos++; - /* u8 dialog_token = *pos++; */ + const u8 *pos, *end; + u8 act, mode; + + if (action->data == NULL || action->len == 0) + return; + + pos = action->data; + end = pos + action->len; + act = *pos++; + + wpa_printf(MSG_DEBUG, "WNM: RX action %u from " MACSTR, + act, MAC2STR(action->sa)); switch (act) { + case WNM_BSS_TRANS_MGMT_REQ: + if (pos + 5 > end) + break; + wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management " + "Request: dialog_token=%u request_mode=0x%x " + "disassoc_timer=%u validity_interval=%u", + pos[0], pos[1], WPA_GET_LE16(pos + 2), pos[4]); + mode = pos[1]; + pos += 5; + if (mode & 0x08) + pos += 12; /* BSS Termination Duration */ + if (mode & 0x10) { + char url[256]; + if (pos + 1 > end || pos + 1 + pos[0] > end) { + wpa_printf(MSG_DEBUG, "WNM: Invalid BSS " + "Transition Management Request " + "(URL)"); + break; + } + os_memcpy(url, pos + 1, pos[0]); + url[pos[0]] = '\0'; + wpa_msg(wpa_s, MSG_INFO, "WNM: ESS Disassociation " + "Imminent - session_info_url=%s", url); + } + break; case WNM_SLEEP_MODE_RESP: ieee802_11_rx_wnmsleep_resp(wpa_s, action->data, action->len); break;
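Review bot: In the `WNM_BSS_TRANS_MGMT_REQ` case the session information URL is copied byte-for-byte from the received frame and emitted through `wpa_msg(wpa_s, MSG_INFO, ...)` with `%s`, so control characters or line breaks chosen by the sender reach the log and, presumably, any control-interface listener that parses this event; escaping non-printable bytes before the call would keep the event on one well-formed line. Nothing visible in the handler ties `action->sa` to the AP the station is associated with, so it looks as if any transmitter in range can trigger the message; a guard at the top such as `if (os_memcmp(action->sa, wpa_s->bssid, ETH_ALEN) != 0) return;` would narrow that, assuming no caller already filters. The `pos += 12` step for the BSS Termination Duration also advances without comparing against `end`; the later URL check happens to catch the overrun, but `if (end - pos < 12) break;` before the advance is clearer and avoids forming an out-of-range pointer. The rest of the switch continues outside the hunk.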