Home Explore Help
Register Sign In
wareck
/
openwrt_lede
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 488fc98adf
Branches Tags
openwrt_lede
/
package
/
network
/
services
/
hostapd
/
patches
/
012-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch

012-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. From: Jouni Malinen <j@w1.fi>
    2. 

  2. Date: Fri, 22 Sep 2017 12:06:37 +0300
    3. 

  3. Subject: [PATCH] FT: Do not allow multiple Reassociation Response frames
    4. 

  4. 

  5. The driver is expected to not report a second association event without
    6. 

  6. the station having explicitly request a new association. As such, this
    7. 

  7. case should not be reachable. However, since reconfiguring the same
    8. 

  8. pairwise or group keys to the driver could result in nonce reuse issues,
    9. 

  9. be extra careful here and do an additional state check to avoid this
    10. 

  10. even if the local driver ends up somehow accepting an unexpected
    11. 

  11. Reassociation Response frame.
    12. 

  12. 

  13. Signed-off-by: Jouni Malinen <j@w1.fi>
    14. 

  14. ---
    15. 

  15. 

  16. --- a/src/rsn_supp/wpa.c
    17. 

  17. +++ b/src/rsn_supp/wpa.c
    18. 

  18. @@ -2568,6 +2568,9 @@ void wpa_sm_notify_assoc(struct wpa_sm *
    19. 

  19.  #ifdef CONFIG_TDLS
    20. 

  20.  	wpa_tdls_assoc(sm);
    21. 

  21.  #endif /* CONFIG_TDLS */
    22. 

  22. +#ifdef CONFIG_IEEE80211R
    23. 

  23. +	sm->ft_reassoc_completed = 0;
    24. 

  24. +#endif /* CONFIG_IEEE80211R */
    25. 

  25.  
    26. 

  26.  #ifdef CONFIG_P2P
    27. 

  27.  	os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
    28. 

  28. --- a/src/rsn_supp/wpa_ft.c
    29. 

  29. +++ b/src/rsn_supp/wpa_ft.c
    30. 

  30. @@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wp
    31. 

  31.  	u16 capab;
    32. 

  32.  
    33. 

  33.  	sm->ft_completed = 0;
    34. 

  34. +	sm->ft_reassoc_completed = 0;
    35. 

  35.  
    36. 

  36.  	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
    37. 

  37.  		2 + sm->r0kh_id_len + ric_ies_len + 100;
    38. 

  38. @@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct
    39. 

  39.  		return -1;
    40. 

  40.  	}
    41. 

  41.  
    42. 

  42. +	if (sm->ft_reassoc_completed) {
    43. 

  43. +		wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
    44. 

  44. +		return 0;
    45. 

  45. +	}
    46. 

  46. +
    47. 

  47.  	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
    48. 

  48.  		wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
    49. 

  49.  		return -1;
    50. 

  50. @@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct
    51. 

  51.  		return -1;
    52. 

  52.  	}
    53. 

  53.  
    54. 

  54. +	sm->ft_reassoc_completed = 1;
    55. 

  55. +
    56. 

  56.  	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
    57. 

  57.  		return -1;
    58. 

  58.  
    59. 

  59. --- a/src/rsn_supp/wpa_i.h
    60. 

  60. +++ b/src/rsn_supp/wpa_i.h
    61. 

  61. @@ -128,6 +128,7 @@ struct wpa_sm {
    62. 

  62.  	size_t r0kh_id_len;
    63. 

  63.  	u8 r1kh_id[FT_R1KH_ID_LEN];
    64. 

  64.  	int ft_completed;
    65. 

  65. +	int ft_reassoc_completed;
    66. 

  66.  	int over_the_ds_in_progress;
    67. 

  67.  	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
    68. 

  68.  	int set_ptk_after_assoc;
    69.