📄 cmm_sanity.c
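pEid = (PEID_STRUCT) Ptr;

    // get variable fields from payload and advance the pointer
    while ((Length + 2 + pEid->Len) <= MsgLen)
    {
        switch(pEid->Eid)
        {
            case IE_SUPP_REG_CLASS:
                if(pEid->Len > 0)
                {
                    *RegClass = *pEid->Octet;
                }
                else
                {
                    DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_SSID (len=%d)\n",pEid->Len));
                    return FALSE;
                }
                break;
        }

        Length = Length + 2 + pEid->Len;  // Eid[1] + Len[1]+ content[Len]
        pEid = (PEID_STRUCT)((UCHAR*)pEid + 2 + pEid->Len);
    }

    return TRUE;
}
#endif // DOT11N_DRAFT3 //

/*
    ==========================================================================
    Description:
        MLME message sanity check for a scan request.
        Copies BssType, SsidLen, the SSID bytes and ScanType out of the
        MLME_SCAN_REQ_STRUCT at Msg, then accepts the request only if the
        BSS type and scan type are among the values listed below.
        The outputs are written before validation, so they are populated
        even when FALSE is returned.
    Return:
        TRUE if all parameters are OK, FALSE otherwise

    NOTE(review): SsidLen is used as the copy length without an upper
    bound and MsgLen is not consulted. The size of the caller's Ssid
    buffer is not visible here; SsidLen should be bounded by that size
    (and by the size of Info->Ssid) before the copy - confirm against
    the callers.
    ==========================================================================
 */
BOOLEAN MlmeScanReqSanity(
    IN PRTMP_ADAPTER pAd,
    IN VOID *Msg,
    IN ULONG MsgLen,
    OUT UCHAR *pBssType,
    OUT CHAR Ssid[],
    OUT UCHAR *pSsidLen,
    OUT UCHAR *pScanType)
{
    MLME_SCAN_REQ_STRUCT *Info;

    Info = (MLME_SCAN_REQ_STRUCT *)(Msg);
    *pBssType = Info->BssType;
    *pSsidLen = Info->SsidLen;
    NdisMoveMemory(Ssid, Info->Ssid, *pSsidLen);
    *pScanType = Info->ScanType;

    if ((*pBssType == BSS_INFRA || *pBssType == BSS_ADHOC || *pBssType == BSS_ANY)
        && (*pScanType == SCAN_ACTIVE || *pScanType == SCAN_PASSIVE
#ifdef CONFIG_STA_SUPPORT
        || *pScanType == SCAN_CISCO_PASSIVE || *pScanType == SCAN_CISCO_ACTIVE
        || *pScanType == SCAN_CISCO_CHANNEL_LOAD || *pScanType == SCAN_CISCO_NOISE
#endif // CONFIG_STA_SUPPORT //
        ))
    {
        return TRUE;
    }
    else
    {
        DBGPRINT(RT_DEBUG_TRACE, ("MlmeScanReqSanity fail - wrong BssType or ScanType\n"));
        return FALSE;
    }
}

// IRQL = DISPATCH_LEVEL
// Returns 1 if 'channel' matches an entry in the first ChannelListNum
// elements of pAd->ChannelList, 0 otherwise.
UCHAR ChannelSanity(
    IN PRTMP_ADAPTER pAd,
    IN UCHAR channel)
{
    int i;

    for (i = 0; i < pAd->ChannelListNum; i ++)
    {
        if (channel == pAd->ChannelList[i].Channel)
            return 1;
    }
    return 0;
}

/*
    ==========================================================================
    Description:
        MLME message sanity check for a received deauthentication frame.
        Extracts the transmitter address (Addr2) and the 2-byte reason code
        at Octet[0..1].
        The frame comes from a peer, so its length is checked before the
        reason code is read; a truncated frame is rejected instead of being
        read past its end.
    Return:
        TRUE if all parameters are OK, FALSE otherwise

    IRQL = DISPATCH_LEVEL

    NOTE(review): assumes MsgLen counts the whole frame starting at the
    802.11 header that Msg points to - confirm against the caller.
    ==========================================================================
 */
BOOLEAN PeerDeauthSanity(
    IN PRTMP_ADAPTER pAd,
    IN VOID *Msg,
    IN ULONG MsgLen,
    OUT PUCHAR pAddr2,
    OUT USHORT *pReason)
{
    PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
    // Offset of the frame body (Octet[0]) from the start of the frame.
    ULONG BodyOffset = (ULONG)((PUCHAR)&pFrame->Octet[0] - (PUCHAR)pFrame);

    // Header plus the 2-byte reason code must be present.
    if (MsgLen < BodyOffset + 2)
    {
        DBGPRINT(RT_DEBUG_TRACE, ("PeerDeauthSanity fail - frame too short\n"));
        return FALSE;
    }

    COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
    NdisMoveMemory(pReason, &pFrame->Octet[0], 2);

    return TRUE;
}

/*
    ==========================================================================
    Description:
        MLME message sanity check for a received authentication frame.
        Extracts the transmitter address (Addr2) and the three 2-byte fixed
        fields at Octet[0..5] (algorithm, sequence number, status). For
        shared-key sequence 2 or 3 it also copies CIPHER_TEXT_LEN bytes of
        challenge text starting at Octet[8] into pChlgText.
        The frame comes from a peer, so each read is preceded by a length
        check against MsgLen; a truncated frame is rejected instead of being
        read past its end.
    Return:
        TRUE if all parameters are OK, FALSE otherwise

    IRQL = DISPATCH_LEVEL

    NOTE(review): assumes MsgLen counts the whole frame starting at the
    802.11 header that Msg points to - confirm against the caller.
    The two bytes at Octet[6..7] ahead of the challenge text are skipped
    without being inspected.
    ==========================================================================
 */
BOOLEAN PeerAuthSanity(
    IN PRTMP_ADAPTER pAd,
    IN VOID *Msg,
    IN ULONG MsgLen,
    OUT PUCHAR pAddr,
    OUT USHORT *pAlg,
    OUT USHORT *pSeq,
    OUT USHORT *pStatus,
    CHAR *pChlgText)
{
    PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
    // Offset of the frame body (Octet[0]) from the start of the frame.
    ULONG BodyOffset = (ULONG)((PUCHAR)&pFrame->Octet[0] - (PUCHAR)pFrame);

    // Header plus the 6 bytes of fixed fields must be present.
    if (MsgLen < BodyOffset + 6)
    {
        DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - frame too short\n"));
        return FALSE;
    }

    COPY_MAC_ADDR(pAddr, pFrame->Hdr.Addr2);
    NdisMoveMemory(pAlg, &pFrame->Octet[0], 2);
    NdisMoveMemory(pSeq, &pFrame->Octet[2], 2);
    NdisMoveMemory(pStatus, &pFrame->Octet[4], 2);

    if ((*pAlg == Ndis802_11AuthModeOpen)
#ifdef LEAP_SUPPORT
        || (*pAlg == CISCO_AuthModeLEAP)
#endif // LEAP_SUPPORT //
        )
    {
        if (*pSeq == 1 || *pSeq == 2)
        {
            return TRUE;
        }
        else
        {
            DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong Seg#\n"));
            return FALSE;
        }
    }
    else if (*pAlg == Ndis802_11AuthModeShared)
    {
        if (*pSeq == 1 || *pSeq == 4)
        {
            return TRUE;
        }
        else if (*pSeq == 2 || *pSeq == 3)
        {
            // The challenge text is read from Octet[8] onwards; make sure
            // all CIPHER_TEXT_LEN bytes lie inside the received frame.
            if (MsgLen < BodyOffset + 8 + CIPHER_TEXT_LEN)
            {
                DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - challenge text truncated\n"));
                return FALSE;
            }
            NdisMoveMemory(pChlgText, &pFrame->Octet[8], CIPHER_TEXT_LEN);
            return TRUE;
        }
        else
        {
            DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong Seg#\n"));
            return FALSE;
        }
    }
    else
    {
        DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong algorithm\n"));
        return FALSE;
    }
}

/*
    ==========================================================================
    Description:
        MLME message sanity check for an authentication request.
        Copies Addr, Timeout and Alg out of the MLME_AUTH_REQ_STRUCT at Msg.
        The request is accepted when the algorithm is shared-key or open
        (or LEAP when LEAP_SUPPORT is defined) and the low bit of the first
        address byte is clear, i.e. the target is not a group address.
        The failure message reads "wrong algorithm" for either cause.
        MsgLen is not consulted.
    Return:
        TRUE if all parameters are OK, FALSE otherwise
    ==========================================================================
 */
BOOLEAN MlmeAuthReqSanity(
    IN PRTMP_ADAPTER pAd,
    IN VOID *Msg,
    IN ULONG MsgLen,
    OUT PUCHAR pAddr,
    OUT ULONG *pTimeout,
    OUT USHORT *pAlg)
{
    MLME_AUTH_REQ_STRUCT *pInfo;

    pInfo = (MLME_AUTH_REQ_STRUCT *)Msg;
    COPY_MAC_ADDR(pAddr, pInfo->Addr);
    *pTimeout = pInfo->Timeout;
    *pAlg = pInfo->Alg;

    if (((*pAlg == Ndis802_11AuthModeShared) ||(*pAlg == Ndis802_11AuthModeOpen)
#ifdef LEAP_SUPPORT
        || (*pAlg == CISCO_AuthModeLEAP)
#endif // LEAP_SUPPORT //
        ) &&
        ((*pAddr & 0x01) == 0))
    {
        return TRUE;
    }
    else
    {
        DBGPRINT(RT_DEBUG_TRACE, ("MlmeAuthReqSanity fail - wrong algorithm\n"));
        return FALSE;
    }
}

/*
    ==========================================================================
    Description:
        MLME message sanity check for an association request.
        Copies Timeout, Addr, CapabilityInfo and ListenIntv out of the
        MLME_ASSOC_REQ_STRUCT at Msg. No field is validated and MsgLen is
        not consulted, so this always returns TRUE.
    Return:
        TRUE if all parameters are OK, FALSE otherwise

    IRQL = DISPATCH_LEVEL

    ==========================================================================
 */
BOOLEAN MlmeAssocReqSanity(
    IN PRTMP_ADAPTER pAd,
    IN VOID *Msg,
    IN ULONG MsgLen,
    OUT PUCHAR pApAddr,
    OUT USHORT *pCapabilityInfo,
    OUT ULONG *pTimeout,
    OUT USHORT *pListenIntv)
{
    MLME_ASSOC_REQ_STRUCT *pInfo;

    pInfo = (MLME_ASSOC_REQ_STRUCT *)Msg;
    *pTimeout = pInfo->Timeout;                             // timeout
    COPY_MAC_ADDR(pApAddr, pInfo->Addr);                    // AP address
    *pCapabilityInfo = pInfo->CapabilityInfo;               // capability info
    *pListenIntv = pInfo->ListenIntv;

    return TRUE;
}

/*
    ==========================================================================
    Description:
        MLME message sanity check for a received disassociation frame.
        Extracts the transmitter address (Addr2) and the 2-byte reason code
        at Octet[0..1].
        The frame comes from a peer, so its length is checked before the
        reason code is read; a truncated frame is rejected instead of being
        read past its end.
    Return:
        TRUE if all parameters are OK, FALSE otherwise

    IRQL = DISPATCH_LEVEL

    NOTE(review): assumes MsgLen counts the whole frame starting at the
    802.11 header that Msg points to - confirm against the caller.
    ==========================================================================
 */
BOOLEAN PeerDisassocSanity(
    IN PRTMP_ADAPTER pAd,
    IN VOID *Msg,
    IN ULONG MsgLen,
    OUT PUCHAR pAddr2,
    OUT USHORT *pReason)
{
    PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
    // Offset of the frame body (Octet[0]) from the start of the frame.
    ULONG BodyOffset = (ULONG)((PUCHAR)&pFrame->Octet[0] - (PUCHAR)pFrame);

    // Header plus the 2-byte reason code must be present.
    if (MsgLen < BodyOffset + 2)
    {
        DBGPRINT(RT_DEBUG_TRACE, ("PeerDisassocSanity fail - frame too short\n"));
        return FALSE;
    }

    COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
    NdisMoveMemory(pReason, &pFrame->Octet[0], 2);

    return TRUE;
}

/*
    ========================================================================
    Routine Description:
        Sanity check NetworkType (11b, 11g or 11a)

        On channels 1-14 the entry is treated as 11b unless any supported
        or extended rate is something other than 2, 4, 11 or 22 (1, 2, 5.5
        and 11 Mbit/s in 500 kbit/s units), in which case it is 11g.
        Channels above 14 are 11a. A non-zero HtCapabilityLen then promotes
        the result to the matching _N type.

    Arguments:
        pBss - Pointer to BSS table.

    Return Value:
        Ndis802_11DS .......(11b)
        Ndis802_11OFDM24....(11g)
        Ndis802_11OFDM5.....(11a)
        Ndis802_11OFDM24_N / Ndis802_11OFDM5_N when HtCapabilityLen != 0

    IRQL = DISPATCH_LEVEL

    ========================================================================
*/
NDIS_802_11_NETWORK_TYPE NetworkTypeInUseSanity(
    IN PBSS_ENTRY pBss)
{
    NDIS_802_11_NETWORK_TYPE NetWorkType;
    UCHAR rate, i;

    NetWorkType = Ndis802_11DS;

    if (pBss->Channel <= 14)
    {
        //
        // First check support Rate.
        //
        for (i = 0; i < pBss->SupRateLen; i++)
        {
            rate = pBss->SupRate[i] & 0x7f; // Mask out basic rate set bit
            if ((rate == 2) || (rate == 4) || (rate == 11) || (rate == 22))
            {
                continue;
            }
            else
            {
                //
                // Otherwise (even rate > 108) means Ndis802_11OFDM24
                //
                NetWorkType = Ndis802_11OFDM24;
                break;
            }
        }

        //
        // Second check Extend Rate.
        //
        if (NetWorkType != Ndis802_11OFDM24)
        {
            for (i = 0; i < pBss->ExtRateLen; i++)
            {
                // Read the extended rate set here. Indexing SupRate with a
                // bound taken from ExtRateLen re-tested the supported rates
                // and could index past SupRateLen entries.
                rate = pBss->ExtRate[i] & 0x7f; // Mask out basic rate set bit
                if ((rate == 2) || (rate == 4) || (rate == 11) || (rate == 22))
                {
                    continue;
                }
                else
                {
                    //
                    // Otherwise (even rate > 108) means Ndis802_11OFDM24
                    //
                    NetWorkType = Ndis802_11OFDM24;
                    break;
                }
            }
        }
    }
    else
    {
        NetWorkType = Ndis802_11OFDM5;
    }

    if (pBss->HtCapabilityLen != 0)
    {
        if (NetWorkType == Ndis802_11OFDM5)
            NetWorkType = Ndis802_11OFDM5_N;
        else
            NetWorkType = Ndis802_11OFDM24_N;
    }

    return NetWorkType;
}

/*
    ==========================================================================
    Description:
        WPA message sanity check
    Return:
        TRUE if all parameters are OK, FALSE otherwise
    ==========================================================================
 */
BOOLEAN PeerWpaMessageSanity(
    IN PRTMP_ADAPTER pAd,
    IN PEAPOL_PACKET pMsg,
    IN ULONG MsgLen,
    IN UCHAR MsgType,
    IN MAC_TABLE_ENTRY *pEntry)
{
    UCHAR mic[LEN_KEY_DESC_MIC], digest[80], KEYDATA[MAX_LEN_OF_RSNIE];
    BOOLEAN bReplayDiff = FALSE;
    BOOLEAN bWPA2 = FALSE;
    KEY_INFO EapolKeyInfo;
    UCHAR GroupKeyIndex = 0;

    NdisZeroMemory(mic, sizeof(mic));
    NdisZeroMemory(digest, sizeof(digest));
    NdisZeroMemory(KEYDATA, sizeof(KEYDATA));
    NdisZeroMemory((PUCHAR)&EapolKeyInfo, sizeof(EapolKeyInfo));

    NdisMoveMemory((PUCHAR)&EapolKeyInfo, (PUCHAR)&pMsg->KeyDesc.KeyInfo, sizeof(KEY_INFO));

    *((USHORT *)&EapolKeyInfo) = cpu2le16(*((USHORT *)&EapolKeyInfo));

    // Choose WPA2 or not
    if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) || (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
        bWPA2 = TRUE;

    // 0. Check MsgType
    if ((MsgType > EAPOL_GROUP_MSG_2) || (MsgType < EAPOL_PAIR_MSG_1))
    {
        DBGPRINT(RT_DEBUG_ERROR, ("The message type is invalid(%d)! \n", MsgType));
        return FALSE;
    }

    // 1. Replay counter check
    if (MsgType == EAPOL_PAIR_MSG_1 || MsgType == EAPOL_PAIR_MSG_3 || MsgType == EAPOL_GROUP_MSG_1) // For supplicant
    {
        // First validate replay counter, only accept message with larger replay counter.
        // Let equal pass, some AP start with all zero replay counter
        UCHAR ZeroReplay[LEN_KEY_DESC_REPLAY];

        NdisZeroMemory(ZeroReplay, LEN_KEY_DESC_REPLAY);
        if ((RTMPCompareMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY) != 1) &&
            (RTMPCompareMemory(pMsg->KeyDesc.ReplayCounter, ZeroReplay, LEN_KEY_DESC_REPLAY) != 0))
        {
            bReplayDiff = TRUE;
        }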