Move SA Query frame length check to the shared handler function
Check the length in the common handler functions instead of both callers. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
002edb6303
commit
700b3f395e
3 changed files with 12 additions and 22 deletions
|
@ -1110,8 +1110,9 @@ static void hostapd_action_rx(struct hostapd_data *hapd,
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_IEEE80211R_AP */
|
#endif /* CONFIG_IEEE80211R_AP */
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
if (mgmt->u.action.category == WLAN_ACTION_SA_QUERY && plen >= 4) {
|
if (mgmt->u.action.category == WLAN_ACTION_SA_QUERY) {
|
||||||
ieee802_11_sa_query_action(hapd, mgmt, drv_mgmt->frame_len);
|
ieee802_11_sa_query_action(hapd, mgmt, drv_mgmt->frame_len);
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
#ifdef CONFIG_WNM_AP
|
#ifdef CONFIG_WNM_AP
|
||||||
|
|
|
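Review bot: The SA Query branch in hostapd_action_rx no longer has a length guard of its own (the `plen >= 4` test is gone), and it gains a `return;` that the commit description does not mention. A reader of this call site cannot tell that truncated frames are still rejected, so a one-line comment above the call would help: `/* Frame length is validated in ieee802_11_sa_query_action() */`. The same comment fits the `case WLAN_ACTION_SA_QUERY:` call in handle_action. hostapd_action_rx starts and continues outside the hunk, so whether an earlier check already bounds the frame is not visible here.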
@ -4102,26 +4102,6 @@ static void handle_beacon(struct hostapd_data *hapd,
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
|
|
||||||
static int hostapd_sa_query_action(struct hostapd_data *hapd,
|
|
||||||
const struct ieee80211_mgmt *mgmt,
|
|
||||||
size_t len)
|
|
||||||
{
|
|
||||||
const u8 *end;
|
|
||||||
|
|
||||||
end = mgmt->u.action.u.sa_query_resp.trans_id +
|
|
||||||
WLAN_SA_QUERY_TR_ID_LEN;
|
|
||||||
if (((u8 *) mgmt) + len < end) {
|
|
||||||
wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
|
|
||||||
"frame (len=%lu)", (unsigned long) len);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
ieee802_11_sa_query_action(hapd, mgmt, len);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static int robust_action_frame(u8 category)
|
static int robust_action_frame(u8 category)
|
||||||
{
|
{
|
||||||
return category != WLAN_ACTION_PUBLIC &&
|
return category != WLAN_ACTION_PUBLIC &&
|
||||||
|
@ -4207,7 +4187,8 @@ static int handle_action(struct hostapd_data *hapd,
|
||||||
return 1;
|
return 1;
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
case WLAN_ACTION_SA_QUERY:
|
case WLAN_ACTION_SA_QUERY:
|
||||||
return hostapd_sa_query_action(hapd, mgmt, len);
|
ieee802_11_sa_query_action(hapd, mgmt, len);
|
||||||
|
return 1;
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
#ifdef CONFIG_WNM_AP
|
#ifdef CONFIG_WNM_AP
|
||||||
case WLAN_ACTION_WNM:
|
case WLAN_ACTION_WNM:
|
||||||
|
|
|
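Review bot: In handle_action the `case WLAN_ACTION_SA_QUERY:` branch now returns 1 unconditionally, whereas the removed hostapd_sa_query_action() returned 0 for a too-short frame. If callers of handle_action use the return value to tell processed frames from rejected ones (not visible in this hunk), a truncated SA Query frame is now reported as handled. Either record that this is intended with a comment such as `/* Too short frames are dropped inside the handler but still reported as handled */`, or let ieee802_11_sa_query_action() return a status and propagate it here. handle_action's body starts and ends outside the hunk.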
@ -213,6 +213,14 @@ void ieee802_11_sa_query_action(struct hostapd_data *hapd,
|
||||||
const u8 action_type = mgmt->u.action.u.sa_query_resp.action;
|
const u8 action_type = mgmt->u.action.u.sa_query_resp.action;
|
||||||
const u8 *trans_id = mgmt->u.action.u.sa_query_resp.trans_id;
|
const u8 *trans_id = mgmt->u.action.u.sa_query_resp.trans_id;
|
||||||
|
|
||||||
|
if (((const u8 *) mgmt) + len <
|
||||||
|
mgmt->u.action.u.sa_query_resp.variable) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"IEEE 802.11: Too short SA Query Action frame (len=%lu)",
|
||||||
|
(unsigned long) len);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
sta = ap_get_sta(hapd, sa);
|
sta = ap_get_sta(hapd, sa);
|
||||||
|
|
||||||
#ifdef CONFIG_OCV
|
#ifdef CONFIG_OCV
|
||||||
|
|
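Review bot: The initializer `const u8 action_type = mgmt->u.action.u.sa_query_resp.action;` reads a byte of the frame body before the added length check runs, so ieee802_11_sa_query_action still depends on its callers for that byte. Whether every caller guarantees it is not visible here, and this commit removes the `plen >= 4` guard at one of the call sites. Declaring `u8 action_type;` and assigning `action_type = mgmt->u.action.u.sa_query_resp.action;` after the check would make the shared handler self-contained, which is the stated aim of the change. The function's body starts and ends outside the hunk.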