From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 |
|
From: Jouni Malinen <j@w1.fi> |
|
Date: Fri, 22 Sep 2017 12:06:37 +0300 |
|
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames |
|
|
|
The driver is expected to not report a second association event without |
|
the station having explicitly requested a new association. As such, this |
|
case should not be reachable. However, since reconfiguring the same |
|
pairwise or group keys to the driver could result in nonce reuse issues, |
|
be extra careful here and do an additional state check to avoid this |
|
even if the local driver ends up somehow accepting an unexpected |
|
Reassociation Response frame. |
|
|
|
Signed-off-by: Jouni Malinen <j@w1.fi> |
|
--- |
|
src/rsn_supp/wpa.c | 3 +++ |
|
src/rsn_supp/wpa_ft.c | 8 ++++++++ |
|
src/rsn_supp/wpa_i.h | 1 + |
|
3 files changed, 12 insertions(+) |
|
|
|
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c |
|
index 0550a41..2a53c6f 100644 |
|
--- a/src/rsn_supp/wpa.c |
|
+++ b/src/rsn_supp/wpa.c |
|
@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) |
|
#ifdef CONFIG_TDLS |
|
wpa_tdls_disassoc(sm); |
|
#endif /* CONFIG_TDLS */ |
|
+#ifdef CONFIG_IEEE80211R |
|
+ sm->ft_reassoc_completed = 0; |
|
+#endif /* CONFIG_IEEE80211R */ |
|
|
|
/* Keys are not needed in the WPA state machine anymore */ |
|
wpa_sm_drop_sa(sm); |
|
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c |
|
index 205793e..d45bb45 100644 |
|
--- a/src/rsn_supp/wpa_ft.c |
|
+++ b/src/rsn_supp/wpa_ft.c |
|
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, |
|
u16 capab; |
|
|
|
sm->ft_completed = 0; |
|
+ sm->ft_reassoc_completed = 0; |
|
|
|
buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + |
|
2 + sm->r0kh_id_len + ric_ies_len + 100; |
|
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, |
|
return -1; |
|
} |
|
|
|
+ if (sm->ft_reassoc_completed) { |
|
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); |
|
+ return 0; |
|
+ } |
|
+ |
|
if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { |
|
wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); |
|
return -1; |
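Review bot: The new early exit in wpa_ft_validate_reassoc_resp() uses `return 0;`, which is presumably the same value the function returns for a fully validated frame, so the caller cannot tell an ignored duplicate from a validated response. A short comment above the check would record why that is intended, for example `/* Report success without touching keys: reconfiguring the same PTK/GTK could lead to nonce reuse */`. The message is logged at `MSG_DEBUG`; since the commit text says this path should not be reachable, `MSG_INFO` would make an unexpected repeated frame visible in normal logs. The function body starts and ends outside this hunk.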
|
@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, |
|
return -1; |
|
} |
|
|
|
+ sm->ft_reassoc_completed = 1; |
|
+ |
|
if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) |
|
return -1; |
|
|
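Review bot: `sm->ft_reassoc_completed = 1;` is set before wpa_ft_process_gtk_subelem(), so if that call fails and the function returns -1 the flag stays set. A later Reassociation Response in the same FT protocol instance would then take the `return 0` path added earlier in this patch and be reported as success. If setting the flag ahead of all key processing is deliberate, so that keys are never configured twice, a comment should say so, for example `/* Set before key processing so a repeated frame can never reconfigure keys, even after a failure below */`. Whether the caller tears the association down on -1 is not visible here, and the function continues outside the hunk.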
|
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h |
|
index 41f371f..56f88dc 100644 |
|
--- a/src/rsn_supp/wpa_i.h |
|
+++ b/src/rsn_supp/wpa_i.h |
|
@@ -128,6 +128,7 @@ struct wpa_sm { |
|
size_t r0kh_id_len; |
|
u8 r1kh_id[FT_R1KH_ID_LEN]; |
|
int ft_completed; |
|
+ int ft_reassoc_completed; |
|
int over_the_ds_in_progress; |
|
u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ |
|
int set_ptk_after_assoc; |
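Review bot: The new `ft_reassoc_completed` member has no comment saying what it guards, and it sits next to the similarly named `ft_completed`. Within this patch it is cleared in wpa_sm_notify_disassoc() and wpa_ft_gen_req_ies() and set in wpa_ft_validate_reassoc_resp(). A one-line comment would keep the two flags from being confused, for example `int ft_reassoc_completed; /* Reassociation Response already processed for this FT protocol instance */`. struct wpa_sm starts and ends outside this hunk.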
|
-- |
|
2.7.4 |
|
|
|
|