From patchwork Fri Oct 29 06:40:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: xinpeng wang X-Patchwork-Id: 1547850 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=nXKRzb71; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HgXsM14q1z9sRN for ; Fri, 29 Oct 2021 17:41:59 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=jye//PMlGBTloovHLMz7mzn9sJoU7St11HKMpfdWSs4=; b=nXKRzb71RNqNS9 EORJBnsxZae1tVHUmcEbumRLD3teLGiCKTDeDvSkMRQg3OfYas/nfzuqe4pSWNlXla/yPkmEduXf0 tAXjBXAOQIYAqz+SfQgu+eR1GtKW042Qg0ajM+HEkHiw3xmepa0Y8qaDMcr14JCeygLrlGxQGWGSN xRuSbb5XWPRdo/AQDYTHZDy+9oeN0+sAiiuRrvgcIYSO/D1i7JjMbGiGpoNRqVjNmVR4fGVk+tguV Iy0mXZ8YzXvbBGOPL6Z+srwT8NtGV01Wz5UJIi7O0O9LsUTeauN25RBPuS+cvI4fSbV4N4wDzIVXT nWlowQ1P36wsuNa0eicA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mgLZQ-009wwa-Mj; Fri, 29 Oct 2021 06:40:56 +0000 Received: from smtpbgsg2.qq.com ([54.254.200.128]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mgLZM-009wvB-UC for hostap@lists.infradead.org; Fri, 29 Oct 2021 06:40:55 +0000 X-QQ-mid: bizesmtp49t1635489626ta84ny9j Received: from localhost.localdomain (unknown [113.57.152.160]) by esmtp6.qq.com (ESMTP) with id ; Fri, 29 Oct 2021 14:40:15 +0800 (CST) X-QQ-SSF: 01400000002000B0C000B00A0000000 X-QQ-FEAT: 4LFlwc+MlXkpCnriwkg3bCadQP49Nbgp96gREkuYUMYrsfTYIeOj/D68ZzMU8 HZHly38BKTyJctpJ3FstB6EAUf1lkCATkI7wTpjCK2RJ1ddFAHUm0tTjuGwYGf12MV6AvLb GzgyGwyBWjGvZft7NrcsZUVc0L7o0hisnjjwdnb3boafx20BTGZaDDokD+W9u0Ca+TPhTZz pF7SgNDlTWG/rebyH2AjAD6MdVAsvDmScK15BFgYzpMjKJ8kT2QFrqs4yGh5D59h2CxVSTb nyEttXARlGmVOOjoYF0wOCYR0XVDPyW82U5OqZSwshJJP8O/DJ9AgOSfp6j+afkPIV5jgzr 8gcKcUgabJB4gkw3wmKDXyhS9d6NA== X-QQ-GoodBg: 2 From: "xinpeng.wang" To: hostap@lists.infradead.org Cc: "xinpeng.wang" Subject: [PATCH] scan: Solve the problem of garbled characters in the scanned ssid Date: Fri, 29 Oct 2021 14:40:12 +0800 Message-Id: <20211029064012.7619-1-wangxinpeng@uniontech.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-QQ-SENDSIZE: 520 Feedback-ID: bizesmtp:uniontech.com:qybgforeign:qybgforeign2 X-QQ-Bgrelay: 1 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211028_234053_506336_FC6A516A X-CRM114-Status: GOOD ( 15.98 ) X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Using Netgear WN11V2 usb wireless network card, it is easy to have garbled characters i n the scanned ssid. This is because the driver sends the problem packets to wpa through netlink. These packets a [...] Content analysis details: (-0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [54.254.200.128 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [54.254.200.128 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Using Netgear WN11V2 usb wireless network card, it is easy to have garbled characters i n the scanned ssid. This is because the driver sends the problem packets to wpa through netlink. These packets are only partly seen through wireshark, but the missing parts when sent to wpa are some random values, which may cause the read ssid to be garbled. In the update scan res, check whether the sum of the length of each ie in ies is the same as ie_len. If it is not the same, it is considered to be abnormal packet and discard it. Signed-off-by: xinpeng.wang --- wpa_supplicant/bss.c | 6 ++++++ wpa_supplicant/scan.c | 26 ++++++++++++++++++++++++++ wpa_supplicant/scan.h | 1 + 3 files changed, 33 insertions(+) diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c index e13783ce1..1a546fd38 100644 --- a/wpa_supplicant/bss.c +++ b/wpa_supplicant/bss.c @@ -779,6 +779,12 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s, MACSTR, MAC2STR(res->bssid)); return; } + if (wpa_scan_check_ie(res)) + { + wpa_dbg(wpa_s, MSG_DEBUG, "BSS: IE check error ssid %s for " + MACSTR, wpa_ssid_txt(ssid+2, ssid[1]),MAC2STR(res->bssid)); + return; + } p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE); #ifdef CONFIG_P2P diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index 97a8d9a63..676c177a3 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c @@ -1866,6 +1866,32 @@ static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) return rate; } +/** + * wpa_scan_check_ie - Check whether the ies in the scan result is correct + * @res: Scan result entry * + * Returns: 0 means correct,-1 means error + * + * This function checks that the content in ies is legal ie, the + * sum of the length of all ie is equal to ie_len. + */ +int wpa_scan_check_ie(const struct wpa_scan_res *res) +{ + size_t ie_len = res->ie_len; + const struct element *elem; + const u8 *end, *pos; + + /* Use the Beacon frame IEs if res->ie_len is not available */ + if (!ie_len) + ie_len = res->beacon_ie_len; + pos = (const u8 *) (res + 1); + end = pos + res->ie_len; + + for_each_element(elem,pos,ie_len); + + if ((const u8 *)elem == end) + return 0; + return -1; +} /** * wpa_scan_get_ie - Fetch a specified information element from a scan result diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h index d1780eb09..117dd6e02 100644 --- a/wpa_supplicant/scan.h +++ b/wpa_supplicant/scan.h @@ -51,6 +51,7 @@ wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, struct scan_info *info, int new_scan); int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s); const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie); +int wpa_scan_check_ie(const struct wpa_scan_res *res); const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, u32 vendor_type); const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res,