Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

DPP: Use wildcard BSSID in GAS query frames

Force use of the wildcard BSSID address in GAS query frames with DPP
regardless of how the gas_address3 configuration parameter is set. DPP
specification mandates this and the use of GAS here is really outside
the context of a BSS, so using the wildcard BSSID makes sense even for
the corner case of Configurator running on a known AP (where IEEE 802.11
standard would allow the BSSID of the AP to be used).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 7 years ago
parent
0887215d94
commit
aca4d84e3d
5 changed files with 14 additions and 11 deletions
Split View Show Diff Stats
  1. 1 1
      wpa_supplicant/dpp_supplicant.c
  2. 8 5
      wpa_supplicant/gas_query.c
  3. 1 1
      wpa_supplicant/gas_query.h
  4. 1 1
      wpa_supplicant/hs20_supplicant.c
  5. 3 3
      wpa_supplicant/interworking.c

+ 1 - 1
wpa_supplicant/dpp_supplicant.c
View File 

@@ -1418,7 +1418,7 @@ static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
 
 		   MAC2STR(auth->peer_mac_addr), auth->curr_freq);
 
 
 	res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
 
-			    buf, wpas_dpp_gas_resp_cb, wpa_s);
 
+			    1, buf, wpas_dpp_gas_resp_cb, wpa_s);
 
 	if (res < 0) {
 
 		wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
 
 		wpabuf_free(buf);

+ 8 - 5
wpa_supplicant/gas_query.c
View File 

@@ -42,6 +42,7 @@ struct gas_query_pending {
 
 	unsigned int wait_comeback:1;
 
 	unsigned int offchannel_tx_started:1;
 
 	unsigned int retry:1;
 
+	unsigned int wildcard_bssid:1;
 
 	int freq;
 
 	u16 status_code;
 
 	struct wpabuf *req;
 
@@ -302,10 +303,11 @@ static int gas_query_tx(struct gas_query *gas, struct gas_query_pending *query,
 
 	if (gas->wpa_s->max_remain_on_chan &&
 
 	    wait_time > gas->wpa_s->max_remain_on_chan)
 
 		wait_time = gas->wpa_s->max_remain_on_chan;
 
-	if (!gas->wpa_s->conf->gas_address3 ||
 
-	    (gas->wpa_s->current_ssid &&
 
-	     gas->wpa_s->wpa_state >= WPA_ASSOCIATED &&
 
-	     os_memcmp(query->addr, gas->wpa_s->bssid, ETH_ALEN) == 0))
 
+	if (!query->wildcard_bssid &&
 
+	    (!gas->wpa_s->conf->gas_address3 ||
 
+	     (gas->wpa_s->current_ssid &&
 
+	      gas->wpa_s->wpa_state >= WPA_ASSOCIATED &&
 
+	      os_memcmp(query->addr, gas->wpa_s->bssid, ETH_ALEN) == 0)))
 
 		bssid = query->addr;
 
 	else
 
 		bssid = wildcard_bssid;
 
@@ -805,7 +807,7 @@ static int gas_query_set_sa(struct gas_query *gas,
 
  * Returns: dialog token (>= 0) on success or -1 on failure
 
  */
 
 int gas_query_req(struct gas_query *gas, const u8 *dst, int freq,
 
-		  struct wpabuf *req,
 
+		  int wildcard_bssid, struct wpabuf *req,
 
 		  void (*cb)(void *ctx, const u8 *dst, u8 dialog_token,
 
 			     enum gas_query_result result,
 
 			     const struct wpabuf *adv_proto,
 
@@ -833,6 +835,7 @@ int gas_query_req(struct gas_query *gas, const u8 *dst, int freq,
 
 	}
 
 	os_memcpy(query->addr, dst, ETH_ALEN);
 
 	query->dialog_token = dialog_token;
 
+	query->wildcard_bssid = !!wildcard_bssid;
 
 	query->freq = freq;
 
 	query->cb = cb;
 
 	query->ctx = ctx;

+ 1 - 1
wpa_supplicant/gas_query.h
View File 

@@ -34,7 +34,7 @@ enum gas_query_result {
 
 };
 
 
 int gas_query_req(struct gas_query *gas, const u8 *dst, int freq,
 
-		  struct wpabuf *req,
 
+		  int wildcard_bssid, struct wpabuf *req,
 
 		  void (*cb)(void *ctx, const u8 *dst, u8 dialog_token,
 
 			     enum gas_query_result result,
 
 			     const struct wpabuf *adv_proto,

+ 1 - 1
wpa_supplicant/hs20_supplicant.c
View File 

@@ -248,7 +248,7 @@ int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
 
 	if (buf == NULL)
 
 		return -1;
 
 
-	res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s);
 
+	res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s);
 
 	if (res < 0) {
 
 		wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
 
 		wpabuf_free(buf);

+ 3 - 3
wpa_supplicant/interworking.c
View File 

@@ -312,7 +312,7 @@ static int interworking_anqp_send_req(struct wpa_supplicant *wpa_s,
 
 	if (buf == NULL)
 
 		return -1;
 
 
-	res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, buf,
 
+	res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, 0, buf,
 
 			    interworking_anqp_resp_cb, wpa_s);
 
 	if (res < 0) {
 
 		wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request");
 
@@ -2752,7 +2752,7 @@ int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst,
 
 	if (buf == NULL)
 
 		return -1;
 
 
-	res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s);
 
+	res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s);
 
 	if (res < 0) {
 
 		wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request");
 
 		wpabuf_free(buf);
 
@@ -3154,7 +3154,7 @@ int gas_send_request(struct wpa_supplicant *wpa_s, const u8 *dst,
 
 	} else
 
 		wpabuf_put_le16(buf, 0);
 
 
-	res = gas_query_req(wpa_s->gas, dst, freq, buf, gas_resp_cb, wpa_s);
 
+	res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, gas_resp_cb, wpa_s);
 
 	if (res < 0) {
 
 		wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
 
 		wpabuf_free(buf);