wok diff wpa_supplicant/stuff/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch @ rev 21909
updated sic (1.1 -> 1.2)
| author | Hans-G?nter Theisgen |
|---|---|
| date | Fri Oct 04 15:39:32 2019 +0100 (2019-10-04) |
| parents | |
| children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/wpa_supplicant/stuff/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch Fri Oct 04 15:39:32 2019 +0100 1.3 @@ -0,0 +1,82 @@ 1.4 +From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 1.5 +From: Jouni Malinen <j@w1.fi> 1.6 +Date: Fri, 22 Sep 2017 12:06:37 +0300 1.7 +Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames 1.8 + 1.9 +The driver is expected to not report a second association event without 1.10 +the station having explicitly request a new association. As such, this 1.11 +case should not be reachable. However, since reconfiguring the same 1.12 +pairwise or group keys to the driver could result in nonce reuse issues, 1.13 +be extra careful here and do an additional state check to avoid this 1.14 +even if the local driver ends up somehow accepting an unexpected 1.15 +Reassociation Response frame. 1.16 + 1.17 +Signed-off-by: Jouni Malinen <j@w1.fi> 1.18 +--- 1.19 + src/rsn_supp/wpa.c | 3 +++ 1.20 + src/rsn_supp/wpa_ft.c | 8 ++++++++ 1.21 + src/rsn_supp/wpa_i.h | 1 + 1.22 + 3 files changed, 12 insertions(+) 1.23 + 1.24 +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c 1.25 +index 0550a41..2a53c6f 100644 1.26 +--- a/src/rsn_supp/wpa.c 1.27 ++++ b/src/rsn_supp/wpa.c 1.28 +@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) 1.29 + #ifdef CONFIG_TDLS 1.30 + wpa_tdls_disassoc(sm); 1.31 + #endif /* CONFIG_TDLS */ 1.32 ++#ifdef CONFIG_IEEE80211R 1.33 ++ sm->ft_reassoc_completed = 0; 1.34 ++#endif /* CONFIG_IEEE80211R */ 1.35 + 1.36 + /* Keys are not needed in the WPA state machine anymore */ 1.37 + wpa_sm_drop_sa(sm); 1.38 +diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c 1.39 +index 205793e..d45bb45 100644 1.40 +--- a/src/rsn_supp/wpa_ft.c 1.41 ++++ b/src/rsn_supp/wpa_ft.c 1.42 +@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, 1.43 + u16 capab; 1.44 + 1.45 + sm->ft_completed = 0; 1.46 ++ sm->ft_reassoc_completed = 0; 1.47 + 1.48 + buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 1.49 + 2 + sm->r0kh_id_len + ric_ies_len + 100; 1.50 +@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, 1.51 + return -1; 1.52 + } 1.53 + 1.54 ++ if (sm->ft_reassoc_completed) { 1.55 ++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); 1.56 ++ return 0; 1.57 ++ } 1.58 ++ 1.59 + if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { 1.60 + wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); 1.61 + return -1; 1.62 +@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, 1.63 + return -1; 1.64 + } 1.65 + 1.66 ++ sm->ft_reassoc_completed = 1; 1.67 ++ 1.68 + if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) 1.69 + return -1; 1.70 + 1.71 +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h 1.72 +index 41f371f..56f88dc 100644 1.73 +--- a/src/rsn_supp/wpa_i.h 1.74 ++++ b/src/rsn_supp/wpa_i.h 1.75 +@@ -128,6 +128,7 @@ struct wpa_sm { 1.76 + size_t r0kh_id_len; 1.77 + u8 r1kh_id[FT_R1KH_ID_LEN]; 1.78 + int ft_completed; 1.79 ++ int ft_reassoc_completed; 1.80 + int over_the_ds_in_progress; 1.81 + u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ 1.82 + int set_ptk_after_assoc; 1.83 +-- 1.84 +2.7.4 1.85 +