diff options
author | Jouni Malinen <j@w1.fi> | 2017-09-22 12:06:37 +0300 |
---|---|---|
committer | Ivan Kutepov <its.kutepov@gmail.com> | 2017-10-19 21:53:11 +0300 |
commit | bae1637cde1fbca92872c6bad335ee4f5149fedb (patch) | |
tree | 95631d0ae186a243f2c54bd22c36c5584b04b391 | |
parent | d0d2c071ccea87dc221b3bb30c952dfa5cf83f7d (diff) | |
download | android_external_wpa_supplicant_8-bae1637cde1fbca92872c6bad335ee4f5149fedb.tar.gz android_external_wpa_supplicant_8-bae1637cde1fbca92872c6bad335ee4f5149fedb.tar.bz2 android_external_wpa_supplicant_8-bae1637cde1fbca92872c6bad335ee4f5149fedb.zip |
FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.
Change-Id: Ie76301550e96bfcfe252d874f2e83deb0aeb9533
Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r-- | src/rsn_supp/wpa.c | 3 | ||||
-rw-r--r-- | src/rsn_supp/wpa_ft.c | 8 | ||||
-rw-r--r-- | src/rsn_supp/wpa_i.h | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 665fdef4..6202c7af 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -2380,6 +2380,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) #ifdef CONFIG_TDLS wpa_tdls_disassoc(sm); #endif /* CONFIG_TDLS */ +#ifdef CONFIG_IEEE80211R + sm->ft_reassoc_completed = 0; +#endif /* CONFIG_IEEE80211R */ /* Keys are not needed in the WPA state machine anymore */ wpa_sm_drop_sa(sm); diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index 06dea055..e8834dd0 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, u16 capab; sm->ft_completed = 0; + sm->ft_reassoc_completed = 0; buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 2 + sm->r0kh_id_len + ric_ies_len + 100; @@ -683,6 +684,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, return -1; } + if (sm->ft_reassoc_completed) { + wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); + return 0; + } + if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); return -1; @@ -783,6 +789,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, return -1; } + sm->ft_reassoc_completed = 1; + if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) return -1; diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index 51753eef..85cc8628 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -127,6 +127,7 @@ struct wpa_sm { size_t r0kh_id_len; u8 r1kh_id[FT_R1KH_ID_LEN]; int ft_completed; + int ft_reassoc_completed; int over_the_ds_in_progress; u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ int set_ptk_after_assoc; |