authorJouni Malinen <j@w1.fi>2008-01-08 02:53:19 (GMT)
committerJouni Malinen <j@w1.fi>2008-01-08 02:53:19 (GMT)
commitfb450644c11a01816309491bd957b0ca0c9cecdc (patch)
treeacebc49214a360ec50004f5cd9be2f1d677c6aa1 /hostapd
parent7ea2053a37cf09f7f7bfad47f864f1df38c4d4d7 (diff)
Fixed Reassociation Response callback processing
The function was verifying callback buffer length against incorrect frame, (Re)Association Request, when processing (Re)Association Response callback. Since Reassociation Request is longer than Reassociation Response, this prevented Reassociation Response callbacks from being processed and broke re-association. This affected all drivers that use the internal MLME for association (driver_{hostap,nl80211,test}.c).
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/ChangeLog4
-rw-r--r--hostapd/ieee802_11.c4
2 files changed, 6 insertions, 2 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index a796ab5..586173b 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -1,5 +1,9 @@
ChangeLog for hostapd
+????-??-?? - v0.6.3
+ * fixed Reassociation Response callback processing when using internal
+ MLME (driver_{hostap,nl80211,test}.c)
+
2008-01-01 - v0.6.2
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
lengths properly to avoid potential crash caused by invalid messages
diff --git a/hostapd/ieee802_11.c b/hostapd/ieee802_11.c
index 1925d23..93ef723 100644
--- a/hostapd/ieee802_11.c
+++ b/hostapd/ieee802_11.c
@@ -1565,8 +1565,8 @@ static void handle_assoc_cb(struct hostapd_data *hapd,
return;
}
- if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
- sizeof(mgmt->u.assoc_req))) {
+ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
+ sizeof(mgmt->u.assoc_resp))) {
printf("handle_assoc_cb(reassoc=%d) - too short payload "
"(len=%lu)\n", reassoc, (unsigned long) len);
return;
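Review bot: The length guard at `if (len < IEEE80211_HDRLEN + (reassoc ? ...` carries no comment saying which frame the callback buffer holds, which is the very confusion this commit corrects; I would add above it `/* TX callback: the buffer is the (Re)Association Response we sent, so validate against the response layout read below */`. This check appears to be what bounds the later reads of the response fields, so it has to name the same union member those reads use; the reads are outside the hunk and that match should be confirmed there. The too-short path only calls `printf` and returns, so a dropped callback leaves no trace in the daemon's normal log; routing the message through the project's logging call, with the station address included, would make this failure detectable in operation. handle_assoc_cb starts and ends outside the hunk.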