Contents of /trunk/wpa_supplicant/patches/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
Revision 2999 -
Tue Oct 17 10:55:21 2017 UTC (6 years, 7 months ago) by niro
File size: 2750 byte(s)
-krackattack patches
1 | From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 |
2 | From: Jouni Malinen <j@w1.fi> |
3 | Date: Fri, 22 Sep 2017 12:06:37 +0300 |
4 | Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames |
5 | |
6 | The driver is expected to not report a second association event without |
7 | the station having explicitly requested a new association. As such, this |
8 | case should not be reachable. However, since reconfiguring the same |
9 | pairwise or group keys to the driver could result in nonce reuse issues, |
10 | be extra careful here and do an additional state check to avoid this |
11 | even if the local driver ends up somehow accepting an unexpected |
12 | Reassociation Response frame. |
13 | |
14 | Signed-off-by: Jouni Malinen <j@w1.fi> |
15 | --- |
16 | src/rsn_supp/wpa.c | 3 +++ |
17 | src/rsn_supp/wpa_ft.c | 8 ++++++++ |
18 | src/rsn_supp/wpa_i.h | 1 + |
19 | 3 files changed, 12 insertions(+) |
20 | |
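--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
 #ifdef CONFIG_TDLS
 wpa_tdls_disassoc(sm);
 #endif /* CONFIG_TDLS */
+#ifdef CONFIG_IEEE80211R
+ sm->ft_reassoc_completed = 0;
+#endif /* CONFIG_IEEE80211R */
 
 /* Keys are not needed in the WPA state machine anymore */
 wpa_sm_drop_sa(sm);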
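--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
 u16 capab;
 
 sm->ft_completed = 0;
+ sm->ft_reassoc_completed = 0;
 
 buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
 2 + sm->r0kh_id_len + ric_ies_len + 100;
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
 return -1;
 }
 
+ if (sm->ft_reassoc_completed) {
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
+ return 0;
+ }
+
 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
 return -1;
@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
 return -1;
 }
 
+ sm->ft_reassoc_completed = 1;
+
 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
 return -1;
 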
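Review bot: In the last hunk of wpa_ft_validate_reassoc_resp(), `sm->ft_reassoc_completed = 1;` is set before `wpa_ft_process_gtk_subelem()` runs, so if that call returns -1 the flag stays set and any further Reassociation Response in the same FT instance takes the new early `return 0` path, which reports success without parsing the IEs again. The ordering looks deliberate, since it keeps a second frame from reconfiguring keys even after a partial failure, but it appears to rely on the caller tearing down the association on -1 so that wpa_sm_notify_disassoc() clears the flag; that caller is not visible here. A comment above the assignment would make the contract explicit, for example `/* Set before group key processing: a later frame must never reconfigure keys, even if the steps below fail */`. The function starts and ends outside both hunks that touch it.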
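--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -128,6 +128,7 @@ struct wpa_sm {
 size_t r0kh_id_len;
 u8 r1kh_id[FT_R1KH_ID_LEN];
 int ft_completed;
+ int ft_reassoc_completed;
 int over_the_ds_in_progress;
 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
 int set_ptk_after_assoc;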
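Review bot: The new `int ft_reassoc_completed;` member of struct wpa_sm has no comment, and its name is easy to confuse with `ft_completed` on the line above. Going by the other hunks in this patch, it is set once a Reassociation Response has passed validation and cleared when new FT request IEs are generated and on disassociation. A trailing comment such as `/* Reassociation Response accepted for this FT instance; cleared on new FT request and on disassoc */` would record that lifecycle next to the field. The struct definition starts and ends outside the hunk.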
80 | -- |
81 | 2.7.4 |
82 |