Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

Fix WPS AP mode regression

Commit 03d3f28a698ec2c269fed35b88be30373595eee2 broke initialization of
EAPOL authenticator state machines since an error value from
wpa_auth_sta_key_mgmt() (-1) was not handled properly and the fixed
wpa_key_mgmt_wpa_psk() identified the value as a PSK-based AKM because
of all bits being set to 1. The special error value needs to handled
separately to avoid skipping EAPOL state machine initialization.
Jouni Malinen il y a 14 ans
Parent
4bb3377bc5
commit
df13a1cdff
1 fichiers modifiés avec 24 ajouts et 5 suppressions
Vue séparée Afficher les stats Diff
  1. 24 5
      src/ap/ieee802_1x.c

+ 24 - 5
src/ap/ieee802_1x.c
Voir le fichier 

@@ -680,6 +680,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
 
 	struct ieee802_1x_eapol_key *key;
 
 	u16 datalen;
 
 	struct rsn_pmksa_cache_entry *pmksa;
 
+	int key_mgmt;
 
 
 	if (!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
 
 	    !hapd->conf->wps_state)
 
@@ -731,10 +732,19 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
 
 		return;
 
 	}
 
 
-	if ((!hapd->conf->ieee802_1x &&
 
-	     !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) ||
 
-	    wpa_key_mgmt_wpa_psk(wpa_auth_sta_key_mgmt(sta->wpa_sm)))
 
+	if (!hapd->conf->ieee802_1x &&
 
+	    !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) {
 
+		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore EAPOL message - "
 
+			   "802.1X not enabled and WPS not used");
 
 		return;
 
+	}
 
+
 
+	key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
 
+	if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
 
+		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore EAPOL message - "
 
+			   "STA is using PSK");
 
+		return;
 
+	}
 
 
 	if (!sta->eapol_sm) {
 
 		sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
 
@@ -836,6 +846,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
 
 	struct rsn_pmksa_cache_entry *pmksa;
 
 	int reassoc = 1;
 
 	int force_1x = 0;
 
+	int key_mgmt;
 
 
 #ifdef CONFIG_WPS
 
 	if (hapd->conf->wps_state && hapd->conf->wpa &&
 
@@ -849,9 +860,17 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
 
 	}
 
 #endif /* CONFIG_WPS */
 
 
-	if ((!force_1x && !hapd->conf->ieee802_1x) ||
 
-	    wpa_key_mgmt_wpa_psk(wpa_auth_sta_key_mgmt(sta->wpa_sm)))
 
+	if (!force_1x && !hapd->conf->ieee802_1x) {
 
+		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - "
 
+			   "802.1X not enabled or forced for WPS");
 
 		return;
 
+	}
 
+
 
+	key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
 
+	if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
 
+		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - using PSK");
 
+		return;
 
+	}
 
 
 	if (sta->eapol_sm == NULL) {
 
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,