[thirdparty/hostap.git] / tests / ap-mgmt-fuzzer / ap-mgmt-fuzzer.c

/*
 * hostapd - Management frame fuzzer
 * Copyright (c) 2015, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "utils/eloop.h"
#include "ap/hostapd.h"
#include "ap/ieee802_11.h"
#include "ap/sta_info.h"


const struct wpa_driver_ops *const wpa_drivers[] =
{
	NULL
};


struct arg_ctx {
	const char *fname;
	struct hostapd_iface iface;
	struct hostapd_data hapd;
	struct wpa_driver_ops driver;
	struct hostapd_config iconf;
	struct hostapd_bss_config conf;
};


static void test_send_mgmt(void *eloop_data, void *user_ctx)
{
	struct arg_ctx *ctx = eloop_data;
	char *data;
	size_t len;
	struct hostapd_frame_info fi;

	wpa_printf(MSG_INFO, "ap-mgmt-fuzzer: Send '%s'", ctx->fname);

	data = os_readfile(ctx->fname, &len);
	if (!data) {
		wpa_printf(MSG_ERROR, "Could not read '%s'", ctx->fname);
		goto out;
	}

	wpa_hexdump(MSG_MSGDUMP, "fuzzer - WNM", data, len);

	os_memset(&fi, 0, sizeof(fi));
	ieee802_11_mgmt(&ctx->hapd, (u8 *) data, len, &fi);

out:
	os_free(data);
	eloop_terminate();
}


static int init_hapd(struct arg_ctx *ctx)
{
	struct hostapd_data *hapd = &ctx->hapd;
	struct sta_info *sta;

	hapd->driver = &ctx->driver;
	os_memcpy(hapd->own_addr, "\x02\x00\x00\x00\x03\x00", ETH_ALEN);
	hapd->iface = &ctx->iface;
	hapd->iface->conf = hostapd_config_defaults();;
	if (!hapd->iface->conf)
		return -1;
	hapd->iconf = hapd->iface->conf;
	hapd->conf = hapd->iconf->bss[0];
	hostapd_config_defaults_bss(hapd->conf);

	sta = ap_sta_add(hapd, (u8 *) "\x02\x00\x00\x00\x00\x00");
	if (sta)
		sta->flags |= WLAN_STA_ASSOC | WLAN_STA_WMM;

	return 0;
}


int main(int argc, char *argv[])
{
	struct arg_ctx ctx;
	int ret = -1;

	if (argc < 2) {
		printf("usage: %s <file>\n", argv[0]);
		return -1;
	}

	if (os_program_init())
		return -1;

	wpa_debug_level = 0;
	wpa_debug_show_keys = 1;

	if (eloop_init()) {
		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
		return -1;
	}

	os_memset(&ctx, 0, sizeof(ctx));
	ctx.fname = argv[1];
	if (init_hapd(&ctx))
		goto fail;

	eloop_register_timeout(0, 0, test_send_mgmt, &ctx, NULL);

	wpa_printf(MSG_DEBUG, "Starting eloop");
	eloop_run();
	wpa_printf(MSG_DEBUG, "eloop done");
	hostapd_free_stas(&ctx.hapd);

	ret = 0;
fail:
	hostapd_config_free(ctx.hapd.iconf);
	eloop_destroy();
	os_program_deinit();

	return ret;
}
Commit	Line	Data
26b3f644 JM	1	/*
	2	* hostapd - Management frame fuzzer
	3	* Copyright (c) 2015, Jouni Malinen <j@w1.fi>
	4	*
	5	* This software may be distributed under the terms of the BSD license.
	6	* See README for more details.
	7	*/
	8
	9	#include "utils/includes.h"
	10
	11	#include "utils/common.h"
	12	#include "utils/eloop.h"
	13	#include "ap/hostapd.h"
	14	#include "ap/ieee802_11.h"
f79a5fa0	15	#include "ap/sta_info.h"
26b3f644 JM	16
26b3f644 JM	17
8b423edb	18	const struct wpa_driver_ops *const wpa_drivers[] =
26b3f644 JM	19	{
	20	NULL
	21	};
	22
	23
	24	struct arg_ctx {
	25	const char *fname;
	26	struct hostapd_iface iface;
	27	struct hostapd_data hapd;
	28	struct wpa_driver_ops driver;
	29	struct hostapd_config iconf;
	30	struct hostapd_bss_config conf;
	31	};
	32
	33
	34	static void test_send_mgmt(void eloop_data, void user_ctx)
	35	{
	36	struct arg_ctx *ctx = eloop_data;
	37	char *data;
	38	size_t len;
	39	struct hostapd_frame_info fi;
	40
	41	wpa_printf(MSG_INFO, "ap-mgmt-fuzzer: Send '%s'", ctx->fname);
	42
	43	data = os_readfile(ctx->fname, &len);
	44	if (!data) {
	45	wpa_printf(MSG_ERROR, "Could not read '%s'", ctx->fname);
	46	goto out;
	47	}
	48
	49	wpa_hexdump(MSG_MSGDUMP, "fuzzer - WNM", data, len);
	50
	51	os_memset(&fi, 0, sizeof(fi));
	52	ieee802_11_mgmt(&ctx->hapd, (u8 *) data, len, &fi);
	53
	54	out:
	55	os_free(data);
	56	eloop_terminate();
	57	}
	58
	59
	60	static int init_hapd(struct arg_ctx *ctx)
	61	{
	62	struct hostapd_data *hapd = &ctx->hapd;
f79a5fa0	63	struct sta_info *sta;
26b3f644 JM	64
	65	hapd->driver = &ctx->driver;
	66	os_memcpy(hapd->own_addr, "\x02\x00\x00\x00\x03\x00", ETH_ALEN);
	67	hapd->iface = &ctx->iface;
	68	hapd->iface->conf = hostapd_config_defaults();;
	69	if (!hapd->iface->conf)
	70	return -1;
	71	hapd->iconf = hapd->iface->conf;
	72	hapd->conf = hapd->iconf->bss[0];
	73	hostapd_config_defaults_bss(hapd->conf);
	74
f79a5fa0 JM	75	sta = ap_sta_add(hapd, (u8 *) "\x02\x00\x00\x00\x00\x00");
	76	if (sta)
	77	sta->flags \|= WLAN_STA_ASSOC \| WLAN_STA_WMM;
	78
26b3f644 JM	79	return 0;
	80	}
	81
	82
	83	int main(int argc, char *argv[])
	84	{
	85	struct arg_ctx ctx;
	86	int ret = -1;
	87
	88	if (argc < 2) {
	89	printf("usage: %s <file>\n", argv[0]);
	90	return -1;
	91	}
	92
	93	if (os_program_init())
	94	return -1;
	95
	96	wpa_debug_level = 0;
	97	wpa_debug_show_keys = 1;
	98
	99	if (eloop_init()) {
	100	wpa_printf(MSG_ERROR, "Failed to initialize event loop");
	101	return -1;
	102	}
	103
	104	os_memset(&ctx, 0, sizeof(ctx));
	105	ctx.fname = argv[1];
	106	if (init_hapd(&ctx))
	107	goto fail;
	108
	109	eloop_register_timeout(0, 0, test_send_mgmt, &ctx, NULL);
	110
	111	wpa_printf(MSG_DEBUG, "Starting eloop");
	112	eloop_run();
	113	wpa_printf(MSG_DEBUG, "eloop done");
f79a5fa0	114	hostapd_free_stas(&ctx.hapd);
26b3f644 JM	115
	116	ret = 0;
	117	fail:
	118	hostapd_config_free(ctx.hapd.iconf);
	119	eloop_destroy();
	120	os_program_deinit();
	121
	122	return ret;
	123	}