From eff468a289d9921e64cb44d3c4eb50365b37948e Mon Sep 17 00:00:00 2001 From: Aditya Kumar Singh Date: Fri, 8 Dec 2023 13:24:09 +0530 Subject: [PATCH] hostapd: MBSSID: fix Non-Inheritance element encoding Currently in Non-Inheritance element, all IEs were added in normal Element ID list. However, extended supported rates is an Extended Element ID and should be added into a separate Extended Element ID list. Also, whenever IE is added, even if one type is not present, length field should be still added with value 0 to indicate accordingly, it can not be left optional. Due to above, whenever Non-Inheritance element IE was included in beacon, in capture it appeared as malformed packet. Fix the above issue by properly encoding the Non-Inheritance element. Signed-off-by: Aditya Kumar Singh --- src/ap/ieee802_11.c | 48 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index f407a5e04cc0..3a5deb08f3b7 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -8023,7 +8023,7 @@ static size_t hostapd_eid_mbssid_elem_len(struct hostapd_data *hapd, struct hostapd_data *bss = hapd->iface->bss[i]; const u8 *auth, *rsn = NULL, *rsnx = NULL; size_t nontx_profile_len, auth_len, xrate_len; - u8 ie_count = 0; + u8 ie_count = 0, ext_ie_count = 0; if (!bss || !bss->conf || !bss->started || mbssid_known_bss(i, known_bss, known_bss_len)) @@ -8065,14 +8065,27 @@ static size_t hostapd_eid_mbssid_elem_len(struct hostapd_data *hapd, if (xrate_len) nontx_profile_len += xrate_len; else if (tx_xrate_len) - ie_count++; + ext_ie_count++; /* For ML Probe resp, solicited hapd's MLE will be in the frame body */ if (bss->conf->mld_ap && (bss != hapd || frame_type != WLAN_FC_STYPE_PROBE_RESP)) nontx_profile_len += hostapd_eid_eht_basic_ml_len(bss, NULL, true); - if (ie_count) - nontx_profile_len += 4 + ie_count; + if (ie_count || ext_ie_count) { + /* Element ID, Length and Element ID Extension (3 octets) + * List Of Element IDs: + * Length (1), Element ID List (0 or more) + * List Of Element ID Extensions: + * Length (1), Element ID Extension List (0 or more) + * Fixed Len: 5 octets + */ + nontx_profile_len += 5; + + if (ie_count) + nontx_profile_len += ie_count; + if (ext_ie_count) + nontx_profile_len += ext_ie_count; + } if (len + nontx_profile_len > 255) break; @@ -8158,7 +8171,9 @@ static u8 * hostapd_eid_mbssid_elem(struct hostapd_data *hapd, u8 *eid, u8 *end, struct hostapd_bss_config *conf; u8 *eid_len_pos, *nontx_bss_start = eid; const u8 *auth, *rsn = NULL, *rsnx = NULL; - u8 ie_count = 0, non_inherit_ie[3]; + u8 ie_count = 0, non_inherit_ie[2]; + u8 ext_ie_count = 0, non_inherit_ext_ie[1]; + u8 *non_inherit_eid_len_offset; size_t auth_len = 0, xrate_len = 0; u16 capab_info; @@ -8226,17 +8241,28 @@ static u8 * hostapd_eid_mbssid_elem(struct hostapd_data *hapd, u8 *eid, u8 *end, if (!rsnx && hostapd_wpa_ie(tx_bss, WLAN_EID_RSNX)) non_inherit_ie[ie_count++] = WLAN_EID_RSNX; if (tx_xrate_len && !xrate_len) - non_inherit_ie[ie_count++] = WLAN_EID_EXT_SUPP_RATES; + non_inherit_ext_ie[ext_ie_count++] = WLAN_EID_EXT_SUPP_RATES; /* For ML Probe resp, solicited hapd's MLE will be in the frame body */ if (bss->conf->mld_ap && (bss != hapd || frame_type != WLAN_FC_STYPE_PROBE_RESP)) eid = hostapd_eid_eht_basic_ml(bss, eid, NULL, true); - if (ie_count) { + if (ie_count || ext_ie_count) { *eid++ = WLAN_EID_EXTENSION; - *eid++ = 2 + ie_count; + non_inherit_eid_len_offset = eid++; *eid++ = WLAN_EID_EXT_NON_INHERITANCE; - *eid++ = ie_count; - os_memcpy(eid, non_inherit_ie, ie_count); - eid += ie_count; + + *eid++ = ie_count ? ie_count : 0; + if (ie_count) { + os_memcpy(eid, non_inherit_ie, ie_count); + eid += ie_count; + } + + *eid++ = ext_ie_count ? ext_ie_count : 0; + if (ext_ie_count) { + os_memcpy(eid, non_inherit_ext_ie, ext_ie_count); + eid += ext_ie_count; + } + + *non_inherit_eid_len_offset = (eid - non_inherit_eid_len_offset) - 1; } *eid_len_pos = (eid - eid_len_pos) - 1; -- 2.17.1