Using Netgear WN11V2 USB wireless network card, it is easy to have garbled characters in the scanned ssid. This is because the driver sends the problem packets to wpa through netlink. These packets are only partly seen through Wireshark, but the missing parts when sent to wpa are some random values, which may cause the read ssid to be garbled.

In the update scan res, check whether the sum of the length of each ie in ies is the same as ie_len. If it is not the same, it is considered to be an abnormal packet and discarded.

Signed-off-by: xinpeng.wang <wangxinpeng@xxxxxxxxxxxxx>

--- wpa_supplicant/bss.c | 6 ++++++ wpa_supplicant/scan.c | 26 ++++++++++++++++++++++++++ wpa_supplicant/scan.h | 1 + 3 files changed, 33 insertions(+) diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c index e13783ce1..1a546fd38 100644 --- a/wpa_supplicant/bss.c +++ b/wpa_supplicant/bss.c @@ -779,6 +779,12 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s, MACSTR, MAC2STR(res->bssid)); return; } + if (wpa_scan_check_ie(res)) + { + wpa_dbg(wpa_s, MSG_DEBUG, "BSS: IE check error ssid %s for " + MACSTR, wpa_ssid_txt(ssid+2, ssid[1]),MAC2STR(res->bssid)); + return; + } p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE); #ifdef CONFIG_P2P diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index 97a8d9a63..676c177a3 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c
@@ -1866,6 +1866,32 @@ static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) return rate; } +/** + * wpa_scan_check_ie - Check whether the ies in the scan result is correct + * @res: Scan result entry * + * Returns: 0 means correct,-1 means error + * + * This function checks that the content in ies is legal ie, the + * sum of the length of all ie is equal to ie_len. + */ +int wpa_scan_check_ie(const struct wpa_scan_res *res) +{ + size_t ie_len = res->ie_len; + const struct element *elem; + const u8 *end, *pos; + + /* Use the Beacon frame IEs if res->ie_len is not available */ + if (!ie_len) + ie_len = res->beacon_ie_len; + pos = (const u8 *) (res + 1); + end = pos + res->ie_len; + + for_each_element(elem,pos,ie_len); + + if ((const u8 *)elem == end) + return 0; + return -1; +} /** * wpa_scan_get_ie - Fetch a specified information element from a scan result diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h index d1780eb09..117dd6e02 100644 --- a/wpa_supplicant/scan.h +++ b/wpa_supplicant/scan.h @@ -51,6 +51,7 @@ wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, struct scan_info *info, int new_scan); int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s); const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie); +int wpa_scan_check_ie(const struct wpa_scan_res *res); const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, u32 vendor_type); const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, -- 2.20.1
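
Review bot: In the bss.c hunk (wpa_bss_update_scan_res), the new debug message formats ssid+2 with length ssid[1] immediately after wpa_scan_check_ie() has reported the IE buffer as inconsistent, so the SSID being logged is read from the very data the check just rejected. Logging only the BSSID on this path would avoid printing bytes that are already known to be unreliable. Style points in the same lines: put the opening brace on the if line, write "ssid + 2", and add a space after the comma before MAC2STR.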
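
Review bot: In wpa_scan_check_ie() in the scan.c hunk, end is computed as pos + res->ie_len while the loop walks the local ie_len, which falls back to res->beacon_ie_len when res->ie_len is zero. In that fallback case end equals pos, so any scan result that carries only Beacon IEs with at least one element fails the final comparison and is dropped even when its elements are well formed. Use "end = pos + ie_len;" so the comparison matches the range that was iterated. The trailing semicolon on "for_each_element(elem,pos,ie_len);" makes the loop body empty on purpose; a short comment saying so, plus spaces after the commas, would keep it from being read as a mistake. The kernel-doc comment should also state that a zero ie_len switches the check to the Beacon IEs.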