X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=blobdiff_plain;f=libeap%2Fsrc%2Fwps%2Fndef.c;fp=libeap%2Fsrc%2Fwps%2Fndef.c;h=bb3c055486c027ca994054440aa13c4a8df63f53;hp=9baec7f4b27c22c0d7504ed7d865f3ce7b03d0b3;hb=f3746d009c6d7f50025af1f58a85e5fee9680be6;hpb=244f18d04aaf29e68495b5ffeb40ef5cca50942f diff --git a/libeap/src/wps/ndef.c b/libeap/src/wps/ndef.c index 9baec7f..bb3c055 100644 --- a/libeap/src/wps/ndef.c +++ b/libeap/src/wps/ndef.c @@ -1,45 +1,41 @@ /* * NDEF(NFC Data Exchange Format) routines for Wi-Fi Protected Setup * Reference is "NFCForum-TS-NDEF_1.0 2006-07-24". - * Copyright (c) 2009, Masashi Honma + * Copyright (c) 2009-2012, Masashi Honma * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * Alternatively, this software may be distributed under the terms of BSD - * license. - * - * See README and COPYING for more details. + * This software may be distributed under the terms of the BSD license. + * See README for more details. */ #include "includes.h" #include "common.h" #include "wps/wps.h" -#include "wps/wps_i.h" #define FLAG_MESSAGE_BEGIN (1 << 7) #define FLAG_MESSAGE_END (1 << 6) #define FLAG_CHUNK (1 << 5) #define FLAG_SHORT_RECORD (1 << 4) #define FLAG_ID_LENGTH_PRESENT (1 << 3) +#define FLAG_TNF_NFC_FORUM (0x01) #define FLAG_TNF_RFC2046 (0x02) struct ndef_record { - u8 *type; - u8 *id; - u8 *payload; + const u8 *type; + const u8 *id; + const u8 *payload; u8 type_length; u8 id_length; u32 payload_length; u32 total_length; }; -static char wifi_handover_type[] = "application/vnd.wfa.wsc"; +static const char wifi_handover_type[] = "application/vnd.wfa.wsc"; +static const char p2p_handover_type[] = "application/vnd.wfa.p2p"; -static int ndef_parse_record(u8 *data, u32 size, struct ndef_record *record) +static int ndef_parse_record(const u8 *data, u32 size, + struct ndef_record *record) { - u8 *pos = data + 1; + const u8 *pos = data + 1; if (size < 2) return -1; @@ -49,9 +45,14 @@ static int ndef_parse_record(u8 *data, u32 size, struct ndef_record *record) return -1; record->payload_length = *pos++; } else { + u32 len; + if (size < 6) return -1; - record->payload_length = ntohl(*(u32 *)pos); + len = WPA_GET_BE32(pos); + if (len > size - 6 || len > 20000) + return -1; + record->payload_length = len; pos += sizeof(u32); } @@ -72,18 +73,19 @@ static int ndef_parse_record(u8 *data, u32 size, struct ndef_record *record) pos += record->payload_length; record->total_length = pos - data; - if (record->total_length > size) + if (record->total_length > size || + record->total_length < record->payload_length) return -1; return 0; } -static struct wpabuf * ndef_parse_records(struct wpabuf *buf, +static struct wpabuf * ndef_parse_records(const struct wpabuf *buf, int (*filter)(struct ndef_record *)) { struct ndef_record record; int len = wpabuf_len(buf); - u8 *data = wpabuf_mhead(buf); + const u8 *data = wpabuf_head(buf); while (len > 0) { if (ndef_parse_record(data, len, &record) < 0) { @@ -101,15 +103,16 @@ static struct wpabuf * ndef_parse_records(struct wpabuf *buf, } -static struct wpabuf * ndef_build_record(u8 flags, void *type, +static struct wpabuf * ndef_build_record(u8 flags, const void *type, u8 type_length, void *id, - u8 id_length, void *payload, - u32 payload_length) + u8 id_length, + const struct wpabuf *payload) { struct wpabuf *record; size_t total_len; int short_record; u8 local_flag; + size_t payload_length = wpabuf_len(payload); short_record = payload_length < 256 ? 1 : 0; @@ -144,14 +147,15 @@ static struct wpabuf * ndef_build_record(u8 flags, void *type, wpabuf_put_u8(record, id_length); wpabuf_put_data(record, type, type_length); wpabuf_put_data(record, id, id_length); - wpabuf_put_data(record, payload, payload_length); + wpabuf_put_buf(record, payload); return record; } static int wifi_filter(struct ndef_record *record) { - if (record->type_length != os_strlen(wifi_handover_type)) + if (record->type == NULL || + record->type_length != os_strlen(wifi_handover_type)) return 0; if (os_memcmp(record->type, wifi_handover_type, os_strlen(wifi_handover_type)) != 0) @@ -160,16 +164,41 @@ static int wifi_filter(struct ndef_record *record) } -struct wpabuf * ndef_parse_wifi(struct wpabuf *buf) +struct wpabuf * ndef_parse_wifi(const struct wpabuf *buf) { return ndef_parse_records(buf, wifi_filter); } -struct wpabuf * ndef_build_wifi(struct wpabuf *buf) +struct wpabuf * ndef_build_wifi(const struct wpabuf *buf) { return ndef_build_record(FLAG_MESSAGE_BEGIN | FLAG_MESSAGE_END | FLAG_TNF_RFC2046, wifi_handover_type, - os_strlen(wifi_handover_type), NULL, 0, - wpabuf_mhead(buf), wpabuf_len(buf)); + os_strlen(wifi_handover_type), NULL, 0, buf); +} + + +static int p2p_filter(struct ndef_record *record) +{ + if (record->type == NULL || + record->type_length != os_strlen(p2p_handover_type)) + return 0; + if (os_memcmp(record->type, p2p_handover_type, + os_strlen(p2p_handover_type)) != 0) + return 0; + return 1; +} + + +struct wpabuf * ndef_parse_p2p(const struct wpabuf *buf) +{ + return ndef_parse_records(buf, p2p_filter); +} + + +struct wpabuf * ndef_build_p2p(const struct wpabuf *buf) +{ + return ndef_build_record(FLAG_MESSAGE_BEGIN | FLAG_MESSAGE_END | + FLAG_TNF_RFC2046, p2p_handover_type, + os_strlen(p2p_handover_type), NULL, 0, buf); }