|
 |
41817b0 |
From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
|
|
|
41817b0 |
From: Jouni Malinen <j@w1.fi>
|
|
|
41817b0 |
Date: Fri, 22 Sep 2017 12:06:37 +0300
|
|
|
41817b0 |
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
|
|
|
41817b0 |
|
|
|
41817b0 |
The driver is expected to not report a second association event without
|
|
|
41817b0 |
the station having explicitly request a new association. As such, this
|
|
|
41817b0 |
case should not be reachable. However, since reconfiguring the same
|
|
|
41817b0 |
pairwise or group keys to the driver could result in nonce reuse issues,
|
|
|
41817b0 |
be extra careful here and do an additional state check to avoid this
|
|
|
41817b0 |
even if the local driver ends up somehow accepting an unexpected
|
|
|
41817b0 |
Reassociation Response frame.
|
|
|
41817b0 |
|
|
|
41817b0 |
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
|
41817b0 |
---
|
|
|
41817b0 |
src/rsn_supp/wpa.c | 3 +++
|
|
|
41817b0 |
src/rsn_supp/wpa_ft.c | 8 ++++++++
|
|
|
41817b0 |
src/rsn_supp/wpa_i.h | 1 +
|
|
|
41817b0 |
3 files changed, 12 insertions(+)
|
|
|
41817b0 |
|
|
|
41817b0 |
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
|
|
|
41817b0 |
index 0550a41..2a53c6f 100644
|
|
|
41817b0 |
--- a/src/rsn_supp/wpa.c
|
|
|
41817b0 |
+++ b/src/rsn_supp/wpa.c
|
|
|
41817b0 |
@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
|
|
|
41817b0 |
#ifdef CONFIG_TDLS
|
|
|
41817b0 |
wpa_tdls_disassoc(sm);
|
|
|
41817b0 |
#endif /* CONFIG_TDLS */
|
|
|
41817b0 |
+#ifdef CONFIG_IEEE80211R
|
|
|
41817b0 |
+ sm->ft_reassoc_completed = 0;
|
|
|
41817b0 |
+#endif /* CONFIG_IEEE80211R */
|
|
|
41817b0 |
|
|
|
41817b0 |
/* Keys are not needed in the WPA state machine anymore */
|
|
|
41817b0 |
wpa_sm_drop_sa(sm);
|
|
|
41817b0 |
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
|
|
|
41817b0 |
index 205793e..d45bb45 100644
|
|
|
41817b0 |
--- a/src/rsn_supp/wpa_ft.c
|
|
|
41817b0 |
+++ b/src/rsn_supp/wpa_ft.c
|
|
|
41817b0 |
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
|
|
|
41817b0 |
u16 capab;
|
|
|
41817b0 |
|
|
|
41817b0 |
sm->ft_completed = 0;
|
|
|
41817b0 |
+ sm->ft_reassoc_completed = 0;
|
|
|
41817b0 |
|
|
|
41817b0 |
buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
|
|
|
41817b0 |
2 + sm->r0kh_id_len + ric_ies_len + 100;
|
|
|
41817b0 |
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
|
|
|
41817b0 |
return -1;
|
|
|
41817b0 |
}
|
|
|
41817b0 |
|
|
|
41817b0 |
+ if (sm->ft_reassoc_completed) {
|
|
|
41817b0 |
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
|
|
|
41817b0 |
+ return 0;
|
|
|
41817b0 |
+ }
|
|
|
41817b0 |
+
|
|
|
41817b0 |
if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
|
|
|
41817b0 |
wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
|
|
|
41817b0 |
return -1;
|
|
|
41817b0 |
@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
|
|
|
41817b0 |
return -1;
|
|
|
41817b0 |
}
|
|
|
41817b0 |
|
|
|
41817b0 |
+ sm->ft_reassoc_completed = 1;
|
|
|
41817b0 |
+
|
|
|
41817b0 |
if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
|
|
|
41817b0 |
return -1;
|
|
|
41817b0 |
|
|
|
41817b0 |
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
|
|
|
41817b0 |
index 41f371f..56f88dc 100644
|
|
|
41817b0 |
--- a/src/rsn_supp/wpa_i.h
|
|
|
41817b0 |
+++ b/src/rsn_supp/wpa_i.h
|
|
|
41817b0 |
@@ -128,6 +128,7 @@ struct wpa_sm {
|
|
|
41817b0 |
size_t r0kh_id_len;
|
|
|
41817b0 |
u8 r1kh_id[FT_R1KH_ID_LEN];
|
|
|
41817b0 |
int ft_completed;
|
|
|
41817b0 |
+ int ft_reassoc_completed;
|
|
|
41817b0 |
int over_the_ds_in_progress;
|
|
|
41817b0 |
u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
|
|
|
41817b0 |
int set_ptk_after_assoc;
|
|
|
41817b0 |
--
|
|
|
41817b0 |
2.7.4
|
|
|
41817b0 |
|