planix.org
/
actube
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Hacked to read wrong Cisco WTP descriptors. 

FossilOrigin-Name: 4b2db21e5e1eda0d4ab51f9a119dc032b4e52175c37bbd4079358ad33446fbd1
This commit is contained in:
7u83@mail.ru 2014-07-27 10:33:42 +00:00
parent fac0563aaf
commit 0fbd7267e6
1 changed files with 33 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/capwap/wtpinfo_readelem_wtp_descriptor.c
View File

@ -1,7 +1,27 @@
/*
This file is part of libcapwap.
libcapwap is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
libcapwap is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Foobar. If not, see <http://www.gnu.org/licenses/>.
*/
#include "capwap.h"
#include "wtpinfo.h"
#include "cw_util.h"
#include "cw_log.h"
int wtpinfo_readelem_wtp_descriptor(struct wtpinfo * wtpinfo, int type, uint8_t *msgelem, int len)
{
@ -15,8 +35,15 @@ int wtpinfo_readelem_wtp_descriptor(struct wtpinfo * wtpinfo, int type, uint8_t
wtpinfo->radios_in_use=*(msgelem+1);
int ncrypt = *(msgelem+2);
int i=ncrypt*3+3;
int i;
if (ncrypt == 0){
/* non-conform */
cw_log_debug1("Non-standard-conform WTP descriptor detected (See RFC 5415)");
i=4;
}
else{
i=ncrypt*3+3;
}
do {
if (i+8>=len)
@ -30,11 +57,12 @@ int wtpinfo_readelem_wtp_descriptor(struct wtpinfo * wtpinfo, int type, uint8_t
i+=8;
if (sublen+i>len){
//printf("Wrong sublen ba %d\n",sublen);
cw_log_debug1("WTP descriptor subelement too long, length = %d",sublen);
return -1;
}
cw_log_debug2("Reading WTP descriptor subelement, type=%d,len=%d",subtype,sublen);
switch(subtype){
case CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION:
wtpinfo->hardware_vendor_id=vendor_id;
@ -49,7 +77,7 @@ int wtpinfo_readelem_wtp_descriptor(struct wtpinfo * wtpinfo, int type, uint8_t
cw_setstr(&wtpinfo->bootloader_version,msgelem+i,sublen);
break;
default:
//printf("unknown !!!\n");
cw_log_debug1("Unknown WTP descriptor subelement, type = %d",subtype);
break;
}
i+=sublen;