authorArik Nemtsov <arik@wizery.com>2015-02-18 02:35:11 (GMT)
committerJouni Malinen <j@w1.fi>2015-02-21 14:07:53 (GMT)
commitc77ffc6dafe7909f62c0a5f437a439670b089554 (patch)
treef517edb93c6eed0d3aeb8457dc3db539d6dea99e /src/rsn_supp
parent5ce6ac11ab91dfd3e816d4c16be07588b8f819f2 (diff)
TDLS: Ignore extra padding in all packets
Some APs (e.g., Cisco 1260) sometimes add padding to the end of short TDLS management packets and that can look like invalid IEs. This was allowed on M3 and discovery packets, but not in others. Allow it for the other packets as well, since required IEs are verified in the code anyway. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/tdls.c39
1 files changed, 27 insertions, 12 deletions
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index 10413ed..c1d7749 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -939,10 +939,15 @@ static int wpa_tdls_recv_teardown(struct wpa_sm *sm, const u8 *src_addr,
" (reason code %u)", MAC2STR(src_addr), reason_code);
ielen = len - (pos - buf); /* start of IE in buf */
- if (wpa_supplicant_parse_ies((const u8 *) pos, ielen, &kde) < 0) {
- wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in Teardown");
- return -1;
- }
+
+ /*
+ * Don't reject the message if failing to parse IEs. The IEs we need are
+ * explicitly checked below. Some APs may add arbitrary padding to the
+ * end of short TDLS frames and that would look like invalid IEs.
+ */
+ if (wpa_supplicant_parse_ies((const u8 *) pos, ielen, &kde) < 0)
+ wpa_printf(MSG_DEBUG,
+ "TDLS: Failed to parse IEs in Teardown - ignore as an interop workaround");
if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
wpa_printf(MSG_INFO, "TDLS: No Link Identifier IE in TDLS "
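Review bot: After a parse failure in wpa_tdls_recv_teardown(), `kde` holds only the IEs that preceded the malformed element, and the code below now runs on that partial result. The tolerance is wider than trailing padding: a bad element anywhere in the IE area is accepted and every IE after it is treated as absent, so any later branch that keys on a missing optional IE (outside this hunk) can be reached with a malformed frame. This also assumes wpa_supplicant_parse_ies() clears `kde` before it can fail, which is not visible here. I would state the invariant next to the call, e.g. `/* On failure kde is partial: only IEs before the bad element are set; check pointer and length before each use. */`, and confirm that each consumer of `kde` does so. The same applies to the TPK M1 and TPK M2 hunks; all three function bodies continue outside their hunks.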
@@ -1823,10 +1828,15 @@ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
cpos += 2;
ielen = len - (cpos - buf); /* start of IE in buf */
- if (wpa_supplicant_parse_ies(cpos, ielen, &kde) < 0) {
- wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in TPK M1");
- goto error;
- }
+
+ /*
+ * Don't reject the message if failing to parse IEs. The IEs we need are
+ * explicitly checked below. Some APs may add arbitrary padding to the
+ * end of short TDLS frames and that would look like invalid IEs.
+ */
+ if (wpa_supplicant_parse_ies(cpos, ielen, &kde) < 0)
+ wpa_printf(MSG_DEBUG,
+ "TDLS: Failed to parse IEs in TPK M1 - ignore as an interop workaround");
if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
wpa_printf(MSG_INFO, "TDLS: No valid Link Identifier IE in "
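Review bot: The new debug line in wpa_tdls_process_tpk_m1() does not say which peer sent the unparsable frame, and it was lowered from MSG_INFO to MSG_DEBUG, so malformed TPK M1 frames are hard to attribute when triaging logs. Including the source address keeps the workaround observable: `"TDLS: Failed to parse IEs in TPK M1 from " MACSTR " - ignore as an interop workaround", MAC2STR(src_addr)`. The TPK M2 message has the same gap, while the Teardown path appears to log the address on the line just before the parse. The function body continues outside the hunk.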
@@ -2199,10 +2209,15 @@ static int wpa_tdls_process_tpk_m2(struct wpa_sm *sm, const u8 *src_addr,
pos += 2;
ielen = len - (pos - buf); /* start of IE in buf */
- if (wpa_supplicant_parse_ies(pos, ielen, &kde) < 0) {
- wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in TPK M2");
- goto error;
- }
+
+ /*
+ * Don't reject the message if failing to parse IEs. The IEs we need are
+ * explicitly checked below. Some APs may add arbitrary padding to the
+ * end of short TDLS frames and that would look like invalid IEs.
+ */
+ if (wpa_supplicant_parse_ies(pos, ielen, &kde) < 0)
+ wpa_printf(MSG_DEBUG,
+ "TDLS: Failed to parse IEs in TPK M2 - ignore as an interop workaround");
#ifdef CONFIG_TDLS_TESTING
if (tdls_testing & TDLS_TESTING_DECLINE_RESP) {