jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Parse EAPOL-Key msg 2/4 Key Data IEs/KDEs before checking RSN/WPA IE

Browse source 
This is needed to avoid incorrect validation errors on RSN/WPA IE
when using FT since there may be more than a single IE in the
Key Data field.
This commit is contained in:
Jouni Malinen 2010-04-10 16:46:17 +03:00
parent e7846b6859
commit 1566ec4685
1 changed files with 20 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
src/ap/wpa_auth.c
View file

@ -610,6 +610,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
char *msgtxt; char *msgtxt;
struct wpa_eapol_ie_parse kde; struct wpa_eapol_ie_parse kde;
int ft; int ft;
const u8 *eapol_key_ie;
size_t eapol_key_ie_len;
if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
return; return;
@ -740,12 +742,26 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
sm->wpa_ptk_state); sm->wpa_ptk_state);
return; return;
} }
if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
&kde) < 0) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key msg 2/4 with "
"invalid Key Data contents");
return;
}
if (kde.rsn_ie) {
eapol_key_ie = kde.rsn_ie;
eapol_key_ie_len = kde.rsn_ie_len;
} else {
eapol_key_ie = kde.wpa_ie;
eapol_key_ie_len = kde.wpa_ie_len;
}
ft = sm->wpa == WPA_VERSION_WPA2 && ft = sm->wpa == WPA_VERSION_WPA2 &&
wpa_key_mgmt_ft(sm->wpa_key_mgmt); wpa_key_mgmt_ft(sm->wpa_key_mgmt);
if (sm->wpa_ie == NULL || if (sm->wpa_ie == NULL ||
wpa_compare_rsn_ie(ft, wpa_compare_rsn_ie(ft,
sm->wpa_ie, sm->wpa_ie_len, sm->wpa_ie, sm->wpa_ie_len,
(u8 *) (key + 1), key_data_length)) { eapol_key_ie, eapol_key_ie_len)) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"WPA IE from (Re)AssocReq did not " "WPA IE from (Re)AssocReq did not "
"match with msg 2/4"); "match with msg 2/4");
@ -754,7 +770,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
sm->wpa_ie, sm->wpa_ie_len); sm->wpa_ie, sm->wpa_ie_len);
} }
wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4", wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
(u8 *) (key + 1), key_data_length); eapol_key_ie, eapol_key_ie_len);
/* MLME-DEAUTHENTICATE.request */ /* MLME-DEAUTHENTICATE.request */
wpa_sta_disconnect(wpa_auth, sm->addr); wpa_sta_disconnect(wpa_auth, sm->addr);
return; return;
@ -762,8 +778,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
#ifdef CONFIG_IEEE80211R #ifdef CONFIG_IEEE80211R
if (ft) { if (ft) {
struct wpa_ie_data ie; struct wpa_ie_data ie;
if (wpa_parse_wpa_ie_rsn((u8 *) (key + 1), if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len,
key_data_length, &ie) < 0 || &ie) < 0 ||
ie.num_pmkid != 1 || ie.pmkid == NULL) { ie.num_pmkid != 1 || ie.pmkid == NULL) {
wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in " wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
"FT 4-way handshake message 2/4"); "FT 4-way handshake message 2/4");