| author | Jouni Malinen <j@w1.fi> | 2017-09-22 12:06:37 +0300 |
|---|---|---|
| committer | Andreas Blaesius <skate4life@gmx.de> | 2017-10-21 19:38:56 +0200 |
| commit | 0a69b283ce06dd58ae5df8996030cb522ddd5a37 (patch) | |
| tree | 3591f2d81305ff199d7a25f9f5323908cccf7dcd | |
| parent | 93e3867f12318c7bf035b2ea5defcf43920de252 (diff) | |
FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly requested a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.
Change-Id: I372aab2ff1ecdd648f50772944595aced4ac1439
Signed-off-by: Jouni Malinen <j@w1.fi>
| -rw-r--r-- | src/rsn_supp/wpa.c | 3 | ||||
| -rw-r--r-- | src/rsn_supp/wpa_ft.c | 8 | ||||
| -rw-r--r-- | src/rsn_supp/wpa_i.h | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 0304c0df..e8968a29 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2162,6 +2162,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
 #ifdef CONFIG_TDLS
 wpa_tdls_disassoc(sm);
 #endif /* CONFIG_TDLS */
+#ifdef CONFIG_IEEE80211R
+ sm->ft_reassoc_completed = 0;
+#endif /* CONFIG_IEEE80211R */
 }
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 3a40c96f..03ee405b 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -156,6 +156,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
 u16 capab;
 sm->ft_completed = 0;
+ sm->ft_reassoc_completed = 0;
 buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 2 + sm->r0kh_id_len + ric_ies_len + 100;
@@ -685,6 +686,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
 return -1;
 }
+ if (sm->ft_reassoc_completed) {
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
+ return 0;
+ }
+
 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
 return -1;
@@ -783,6 +789,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
 return -1;
 }
+ sm->ft_reassoc_completed = 1;
+
 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) return -1;
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 92ce49ba..6c81b3d4 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -121,6 +121,7 @@ struct wpa_sm {
 size_t r0kh_id_len;
 u8 r1kh_id[FT_R1KH_ID_LEN];
 int ft_completed;
+ int ft_reassoc_completed;
 int over_the_ds_in_progress;
 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
 int set_ptk_after_assoc;
|
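Review bot: The early `return 0` added at -685 in wpa_ft_validate_reassoc_resp() reports a duplicate Reassociation Response as success before its IEs are parsed or checked, so a caller cannot tell "validated" from "ignored". That is consistent with the nonce-reuse concern in the commit message, since no key is reconfigured on this path, but it should be stated at the check, e.g. `/* Duplicate frame: skip all key configuration; 0 here means ignored, not validated */`. Because the commit message treats a second frame as something a well-behaved driver never delivers, consider `MSG_INFO` instead of `MSG_DEBUG` so the event is visible in default logs. The function starts and ends outside the hunk, so what the caller does with the 0 cannot be confirmed from here.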
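Review bot: In the -783 hunk, `sm->ft_reassoc_completed = 1;` is set before wpa_ft_process_gtk_subelem(), which can still return -1, so a failed first attempt leaves the flag set and any later frame for the same FT instance takes the "already completed" path and returns 0. The ordering looks deliberate (raise the flag before any key material is handed on), and the only resets visible in this commit are in wpa_sm_notify_disassoc() and wpa_ft_gen_req_ies(), so the caller presumably has to disassociate on -1; that caller is not visible here. A comment would make the intent explicit, e.g. `/* Set before any key configuration so a replayed frame can never reach it, even if processing below fails */`. The rest of the function lies outside the hunk.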
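Review bot: The new `int ft_reassoc_completed;` member in struct wpa_sm has no comment, and its name is easy to confuse with the adjacent `ft_completed`. Since this flag is what guards against reconfiguring the same keys, its meaning and reset points belong next to the declaration, e.g. `int ft_reassoc_completed; /* Reassociation Response already processed for this FT instance; cleared on disassociation and on a new FT request */`. The struct continues outside the hunk.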
