files/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
- This file was added.
| From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 | |||||
| From: Jouni Malinen <j@w1.fi> | |||||
| Date: Fri, 22 Sep 2017 12:06:37 +0300 | |||||
| Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames | |||||
| The driver is expected to not report a second association event without | |||||
| the station having explicitly requested a new association. As such, this | |||||
| case should not be reachable. However, since reconfiguring the same | |||||
| pairwise or group keys to the driver could result in nonce reuse issues, | |||||
| be extra careful here and do an additional state check to avoid this | |||||
| even if the local driver ends up somehow accepting an unexpected | |||||
| Reassociation Response frame. | |||||
| Signed-off-by: Jouni Malinen <j@w1.fi> | |||||
| --- | |||||
| src/rsn_supp/wpa.c | 3 +++ | |||||
| src/rsn_supp/wpa_ft.c | 8 ++++++++ | |||||
| src/rsn_supp/wpa_i.h | 1 + | |||||
| 3 files changed, 12 insertions(+) | |||||
| diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c | |||||
| index 0550a41..2a53c6f 100644 | |||||
| --- a/src/rsn_supp/wpa.c | |||||
| +++ b/src/rsn_supp/wpa.c | |||||
| @@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) | |||||
| #ifdef CONFIG_TDLS | |||||
| wpa_tdls_disassoc(sm); | |||||
| #endif /* CONFIG_TDLS */ | |||||
| +#ifdef CONFIG_IEEE80211R | |||||
| + sm->ft_reassoc_completed = 0; | |||||
| +#endif /* CONFIG_IEEE80211R */ | |||||
| /* Keys are not needed in the WPA state machine anymore */ | |||||
| wpa_sm_drop_sa(sm); | |||||
| diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c | |||||
| index 205793e..d45bb45 100644 | |||||
| --- a/src/rsn_supp/wpa_ft.c | |||||
| +++ b/src/rsn_supp/wpa_ft.c | |||||
| @@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, | |||||
| u16 capab; | |||||
| sm->ft_completed = 0; | |||||
| + sm->ft_reassoc_completed = 0; | |||||
| buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + | |||||
| 2 + sm->r0kh_id_len + ric_ies_len + 100; | |||||
| @@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, | |||||
| return -1; | |||||
| } | |||||
| + if (sm->ft_reassoc_completed) { | |||||
| + wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); | |||||
| + return 0; | |||||
| + } | |||||
| + | |||||
| if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { | |||||
| wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); | |||||
| return -1; | |||||
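Review bot: The new guard in wpa_ft_validate_reassoc_resp() returns 0 for a repeated Reassociation Response, so the caller gets the same result as for a freshly validated frame, and the event is recorded only at `MSG_DEBUG`. The commit message says this path should not be reachable with a well-behaved driver and that what it prevents is reconfiguring the same keys, so an occurrence is worth surfacing to whoever reads the logs; consider `MSG_INFO` for this message. A comment above the check would also help, for example `/* Never configure PTK/GTK again for a repeated frame: reconfiguring the same key could lead to nonce reuse */`. The function begins and ends outside this hunk, so how the caller treats the 0 return is not visible here.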
| @@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, | |||||
| return -1; | |||||
| } | |||||
| + sm->ft_reassoc_completed = 1; | |||||
| + | |||||
| if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) | |||||
| return -1; | |||||
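Review bot: `sm->ft_reassoc_completed = 1;` is set before wpa_ft_process_gtk_subelem() runs, so if that call returns -1 the flag stays set and a later Reassociation Response in the same FT instance would be ignored with a 0 return by the guard added earlier in this function. The ordering looks deliberate (latch the flag before any group key is configured), but it relies on the failure path clearing the flag. The hunks on this page reset it only in wpa_sm_notify_disassoc() and wpa_ft_gen_req_ies(), and whether a -1 return leads to either is not visible here. A comment stating the intent would make this safe to maintain, e.g. `/* Latch before key configuration so a repeated frame can never configure keys again; cleared on disassoc or a new FT request */`. The function body continues outside the hunk.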
| diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h | |||||
| index 41f371f..56f88dc 100644 | |||||
| --- a/src/rsn_supp/wpa_i.h | |||||
| +++ b/src/rsn_supp/wpa_i.h | |||||
| @@ -128,6 +128,7 @@ struct wpa_sm { | |||||
| size_t r0kh_id_len; | |||||
| u8 r1kh_id[FT_R1KH_ID_LEN]; | |||||
| int ft_completed; | |||||
| + int ft_reassoc_completed; | |||||
| int over_the_ds_in_progress; | |||||
| u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ | |||||
| int set_ptk_after_assoc; | |||||
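Review bot: The new field `ft_reassoc_completed` sits directly under `ft_completed` with nothing to tell the two apart, and a future change that merges or resets them together would undo the protection this patch adds. A short comment on the declaration would document the invariant, for example `int ft_reassoc_completed; /* Reassociation Response accepted for the current FT instance; blocks repeated key configuration */`. struct wpa_sm starts and ends outside this hunk, so any surrounding `#ifdef CONFIG_IEEE80211R` that the resets in wpa.c depend on cannot be confirmed from here.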
| -- | |||||
| 2.7.4 | |||||