| /* |
| * hostapd - Management frame fuzzer |
| * Copyright (c) 2015, Jouni Malinen <j@w1.fi> |
| * |
| * This software may be distributed under the terms of the BSD license. |
| * See README for more details. |
| */ |
| |
| #include "utils/includes.h" |
| |
| #include "utils/common.h" |
| #include "utils/eloop.h" |
| #include "ap/hostapd.h" |
| #include "ap/ieee802_11.h" |
| |
| |
| struct wpa_driver_ops *wpa_drivers[] = |
| { |
| NULL |
| }; |
| |
| |
| struct arg_ctx { |
| const char *fname; |
| struct hostapd_iface iface; |
| struct hostapd_data hapd; |
| struct wpa_driver_ops driver; |
| struct hostapd_config iconf; |
| struct hostapd_bss_config conf; |
| }; |
| |
| |
| static void test_send_mgmt(void *eloop_data, void *user_ctx) |
| { |
| struct arg_ctx *ctx = eloop_data; |
| char *data; |
| size_t len; |
| struct hostapd_frame_info fi; |
| |
| wpa_printf(MSG_INFO, "ap-mgmt-fuzzer: Send '%s'", ctx->fname); |
| |
| data = os_readfile(ctx->fname, &len); |
| if (!data) { |
| wpa_printf(MSG_ERROR, "Could not read '%s'", ctx->fname); |
| goto out; |
| } |
| |
| wpa_hexdump(MSG_MSGDUMP, "fuzzer - WNM", data, len); |
| |
| os_memset(&fi, 0, sizeof(fi)); |
| ieee802_11_mgmt(&ctx->hapd, (u8 *) data, len, &fi); |
| |
| out: |
| os_free(data); |
| eloop_terminate(); |
| } |
| |
| |
| static int init_hapd(struct arg_ctx *ctx) |
| { |
| struct hostapd_data *hapd = &ctx->hapd; |
| |
| hapd->driver = &ctx->driver; |
| os_memcpy(hapd->own_addr, "\x02\x00\x00\x00\x03\x00", ETH_ALEN); |
| hapd->iface = &ctx->iface; |
| hapd->iface->conf = hostapd_config_defaults();; |
| if (!hapd->iface->conf) |
| return -1; |
| hapd->iconf = hapd->iface->conf; |
| hapd->conf = hapd->iconf->bss[0]; |
| hostapd_config_defaults_bss(hapd->conf); |
| |
| return 0; |
| } |
| |
| |
| int main(int argc, char *argv[]) |
| { |
| struct arg_ctx ctx; |
| int ret = -1; |
| |
| if (argc < 2) { |
| printf("usage: %s <file>\n", argv[0]); |
| return -1; |
| } |
| |
| if (os_program_init()) |
| return -1; |
| |
| wpa_debug_level = 0; |
| wpa_debug_show_keys = 1; |
| |
| if (eloop_init()) { |
| wpa_printf(MSG_ERROR, "Failed to initialize event loop"); |
| return -1; |
| } |
| |
| os_memset(&ctx, 0, sizeof(ctx)); |
| ctx.fname = argv[1]; |
| if (init_hapd(&ctx)) |
| goto fail; |
| |
| eloop_register_timeout(0, 0, test_send_mgmt, &ctx, NULL); |
| |
| wpa_printf(MSG_DEBUG, "Starting eloop"); |
| eloop_run(); |
| wpa_printf(MSG_DEBUG, "eloop done"); |
| |
| ret = 0; |
| fail: |
| hostapd_config_free(ctx.hapd.iconf); |
| eloop_destroy(); |
| os_program_deinit(); |
| |
| return ret; |
| } |