[PATCH] scan: Solve the problem of garbled characters in the scanned ssid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Using Netgear WN11V2 usb wireless network card, it is easy to have garbled characters i
n the scanned ssid. This is because the driver sends the problem packets to wpa through
netlink. These packets are only partly seen through wireshark, but the missing parts when
sent to wpa are some random values, which may cause the read ssid to be garbled.
In the update scan res, check whether the sum of the length of each ie in ies is the same
as ie_len. If it is not the same, it is considered to be abnormal packet and discard it.

Signed-off-by: xinpeng.wang <wangxinpeng@xxxxxxxxxxxxx>
---
 wpa_supplicant/bss.c  |  6 ++++++
 wpa_supplicant/scan.c | 26 ++++++++++++++++++++++++++
 wpa_supplicant/scan.h |  1 +
 3 files changed, 33 insertions(+)

diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index e13783ce1..1a546fd38 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -779,6 +779,12 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
 			MACSTR, MAC2STR(res->bssid));
 		return;
 	}
+	if (wpa_scan_check_ie(res))
+	{
+		wpa_dbg(wpa_s, MSG_DEBUG, "BSS: IE check error ssid %s for "
+			MACSTR, wpa_ssid_txt(ssid+2, ssid[1]),MAC2STR(res->bssid));
+		return;
+	}
 
 	p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE);
 #ifdef CONFIG_P2P
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 97a8d9a63..676c177a3 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -1866,6 +1866,32 @@ static int wpa_scan_get_max_rate(const struct wpa_scan_res *res)
 	return rate;
 }
 
+/**
+ * wpa_scan_check_ie - Check whether the ies in the scan result is correct
+ * @res: Scan result entry *
+ * Returns: 0 means correct,-1 means error
+ *
+ * This function checks that the content in ies is legal ie, the
+ * sum of the length of all ie is equal to ie_len.
+ */
+int wpa_scan_check_ie(const struct wpa_scan_res *res)
+{
+	size_t ie_len = res->ie_len;
+	const struct element *elem;
+	const u8 *end, *pos;
+
+	/* Use the Beacon frame IEs if res->ie_len is not available */
+	if (!ie_len)
+		ie_len = res->beacon_ie_len;
+	pos = (const u8 *) (res + 1);
+	end = pos + res->ie_len;
+
+	for_each_element(elem,pos,ie_len);
+
+	if ((const u8 *)elem == end)
+		return 0;
+	return -1;
+}
 
 /**
  * wpa_scan_get_ie - Fetch a specified information element from a scan result
diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h
index d1780eb09..117dd6e02 100644
--- a/wpa_supplicant/scan.h
+++ b/wpa_supplicant/scan.h
@@ -51,6 +51,7 @@ wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
 				struct scan_info *info, int new_scan);
 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s);
 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie);
+int wpa_scan_check_ie(const struct wpa_scan_res *res);
 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res,
 				  u32 vendor_type);
 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res,
-- 
2.20.1




_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux