wok annotate wpa_supplicant/stuff/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch @ rev 21909

updated sic (1.1 -> 1.2)
author Hans-G?nter Theisgen
date Fri Oct 04 15:39:32 2019 +0100 (2019-10-04)
parents
children
rev   line source
mojo@20131 1 From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
mojo@20131 2 From: Jouni Malinen <j@w1.fi>
mojo@20131 3 Date: Fri, 22 Sep 2017 12:06:37 +0300
mojo@20131 4 Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
mojo@20131 5
mojo@20131 6 The driver is expected to not report a second association event without
mojo@20131 7 the station having explicitly request a new association. As such, this
mojo@20131 8 case should not be reachable. However, since reconfiguring the same
mojo@20131 9 pairwise or group keys to the driver could result in nonce reuse issues,
mojo@20131 10 be extra careful here and do an additional state check to avoid this
mojo@20131 11 even if the local driver ends up somehow accepting an unexpected
mojo@20131 12 Reassociation Response frame.
mojo@20131 13
mojo@20131 14 Signed-off-by: Jouni Malinen <j@w1.fi>
mojo@20131 15 ---
mojo@20131 16 src/rsn_supp/wpa.c | 3 +++
mojo@20131 17 src/rsn_supp/wpa_ft.c | 8 ++++++++
mojo@20131 18 src/rsn_supp/wpa_i.h | 1 +
mojo@20131 19 3 files changed, 12 insertions(+)
mojo@20131 20
mojo@20131 21 diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
mojo@20131 22 index 0550a41..2a53c6f 100644
mojo@20131 23 --- a/src/rsn_supp/wpa.c
mojo@20131 24 +++ b/src/rsn_supp/wpa.c
mojo@20131 25 @@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
mojo@20131 26 #ifdef CONFIG_TDLS
mojo@20131 27 wpa_tdls_disassoc(sm);
mojo@20131 28 #endif /* CONFIG_TDLS */
mojo@20131 29 +#ifdef CONFIG_IEEE80211R
mojo@20131 30 + sm->ft_reassoc_completed = 0;
mojo@20131 31 +#endif /* CONFIG_IEEE80211R */
mojo@20131 32
mojo@20131 33 /* Keys are not needed in the WPA state machine anymore */
mojo@20131 34 wpa_sm_drop_sa(sm);
mojo@20131 35 diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
mojo@20131 36 index 205793e..d45bb45 100644
mojo@20131 37 --- a/src/rsn_supp/wpa_ft.c
mojo@20131 38 +++ b/src/rsn_supp/wpa_ft.c
mojo@20131 39 @@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
mojo@20131 40 u16 capab;
mojo@20131 41
mojo@20131 42 sm->ft_completed = 0;
mojo@20131 43 + sm->ft_reassoc_completed = 0;
mojo@20131 44
mojo@20131 45 buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
mojo@20131 46 2 + sm->r0kh_id_len + ric_ies_len + 100;
mojo@20131 47 @@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
mojo@20131 48 return -1;
mojo@20131 49 }
mojo@20131 50
mojo@20131 51 + if (sm->ft_reassoc_completed) {
mojo@20131 52 + wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
mojo@20131 53 + return 0;
mojo@20131 54 + }
mojo@20131 55 +
mojo@20131 56 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
mojo@20131 57 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
mojo@20131 58 return -1;
mojo@20131 59 @@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
mojo@20131 60 return -1;
mojo@20131 61 }
mojo@20131 62
mojo@20131 63 + sm->ft_reassoc_completed = 1;
mojo@20131 64 +
mojo@20131 65 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
mojo@20131 66 return -1;
mojo@20131 67
mojo@20131 68 diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
mojo@20131 69 index 41f371f..56f88dc 100644
mojo@20131 70 --- a/src/rsn_supp/wpa_i.h
mojo@20131 71 +++ b/src/rsn_supp/wpa_i.h
mojo@20131 72 @@ -128,6 +128,7 @@ struct wpa_sm {
mojo@20131 73 size_t r0kh_id_len;
mojo@20131 74 u8 r1kh_id[FT_R1KH_ID_LEN];
mojo@20131 75 int ft_completed;
mojo@20131 76 + int ft_reassoc_completed;
mojo@20131 77 int over_the_ds_in_progress;
mojo@20131 78 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
mojo@20131 79 int set_ptk_after_assoc;
mojo@20131 80 --
mojo@20131 81 2.7.4
mojo@20131 82