FT: Handle AssocResp generation failures as fatal errors
Instead of sending out a partially completed frame, abort the association process if something unexpected happens and remove the STA entry. Signed-off-by: Jouni Malinen <j@w1.fi>
		
							parent
							
								
									c52626489a
								
							
						
					
					
						commit
						2cf36d6085
					
				
					 3 changed files with 22 additions and 9 deletions
				
			
		|  | @ -453,6 +453,10 @@ skip_wpa_check: | ||||||
| #ifdef CONFIG_IEEE80211R_AP | #ifdef CONFIG_IEEE80211R_AP | ||||||
| 	p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf), | 	p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf), | ||||||
| 					sta->auth_alg, req_ies, req_ies_len); | 					sta->auth_alg, req_ies, req_ies_len); | ||||||
|  | 	if (!p) { | ||||||
|  | 		wpa_printf(MSG_DEBUG, "FT: Failed to write AssocResp IEs"); | ||||||
|  | 		return WLAN_STATUS_UNSPECIFIED_FAILURE; | ||||||
|  | 	} | ||||||
| #endif /* CONFIG_IEEE80211R_AP */ | #endif /* CONFIG_IEEE80211R_AP */ | ||||||
| 
 | 
 | ||||||
| #ifdef CONFIG_FILS | #ifdef CONFIG_FILS | ||||||
|  |  | ||||||
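Review bot: The added `return WLAN_STATUS_UNSPECIFIED_FAILURE;` after `skip_wpa_check:` leaves the function with no visible cleanup, although the commit description says the STA entry is removed on this failure. The function's signature and its other exit paths are outside the hunk, so confirm that the caller, or an existing failure path in this function, frees `sta` and has the driver drop the station; otherwise a station whose FT response could not be built may stay in the table in a half-associated state. Also confirm that this function's return type carries WLAN status codes the way `send_assoc_resp` (declared `u16`) does. The same cleanup question applies to the `goto done;` added in `send_assoc_resp`, whose `done:` label is likewise not shown.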
|  | @ -2879,6 +2879,12 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, | ||||||
| 		p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, | 		p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, | ||||||
| 						buf + buflen - p, | 						buf + buflen - p, | ||||||
| 						sta->auth_alg, ies, ies_len); | 						sta->auth_alg, ies, ies_len); | ||||||
|  | 		if (!p) { | ||||||
|  | 			wpa_printf(MSG_DEBUG, | ||||||
|  | 				   "FT: Failed to write AssocResp IEs"); | ||||||
|  | 			res = WLAN_STATUS_UNSPECIFIED_FAILURE; | ||||||
|  | 			goto done; | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| #endif /* CONFIG_IEEE80211R_AP */ | #endif /* CONFIG_IEEE80211R_AP */ | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -2377,7 +2377,7 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, | ||||||
| 		 */ | 		 */ | ||||||
| 		res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name); | 		res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name); | ||||||
| 		if (res < 0) | 		if (res < 0) | ||||||
| 			return pos; | 			return NULL; | ||||||
| 		rsnie = pos; | 		rsnie = pos; | ||||||
| 		rsnie_len = res; | 		rsnie_len = res; | ||||||
| 		pos += res; | 		pos += res; | ||||||
|  | @ -2386,7 +2386,7 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, | ||||||
| 	/* Mobility Domain Information */ | 	/* Mobility Domain Information */ | ||||||
| 	res = wpa_write_mdie(conf, pos, end - pos); | 	res = wpa_write_mdie(conf, pos, end - pos); | ||||||
| 	if (res < 0) | 	if (res < 0) | ||||||
| 		return pos; | 		return NULL; | ||||||
| 	mdie = pos; | 	mdie = pos; | ||||||
| 	mdie_len = res; | 	mdie_len = res; | ||||||
| 	pos += res; | 	pos += res; | ||||||
|  | @ -2397,7 +2397,7 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, | ||||||
| 		if (!subelem) { | 		if (!subelem) { | ||||||
| 			wpa_printf(MSG_DEBUG, | 			wpa_printf(MSG_DEBUG, | ||||||
| 				   "FT: Failed to add GTK subelement"); | 				   "FT: Failed to add GTK subelement"); | ||||||
| 			return pos; | 			return NULL; | ||||||
| 		} | 		} | ||||||
| 		r0kh_id = sm->r0kh_id; | 		r0kh_id = sm->r0kh_id; | ||||||
| 		r0kh_id_len = sm->r0kh_id_len; | 		r0kh_id_len = sm->r0kh_id_len; | ||||||
|  | @ -2413,13 +2413,13 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, | ||||||
| 				wpa_printf(MSG_DEBUG, | 				wpa_printf(MSG_DEBUG, | ||||||
| 					   "FT: Failed to add IGTK subelement"); | 					   "FT: Failed to add IGTK subelement"); | ||||||
| 				os_free(subelem); | 				os_free(subelem); | ||||||
| 				return pos; | 				return NULL; | ||||||
| 			} | 			} | ||||||
| 			nbuf = os_realloc(subelem, subelem_len + igtk_len); | 			nbuf = os_realloc(subelem, subelem_len + igtk_len); | ||||||
| 			if (nbuf == NULL) { | 			if (nbuf == NULL) { | ||||||
| 				os_free(subelem); | 				os_free(subelem); | ||||||
| 				os_free(igtk); | 				os_free(igtk); | ||||||
| 				return pos; | 				return NULL; | ||||||
| 			} | 			} | ||||||
| 			subelem = nbuf; | 			subelem = nbuf; | ||||||
| 			os_memcpy(subelem + subelem_len, igtk, igtk_len); | 			os_memcpy(subelem + subelem_len, igtk, igtk_len); | ||||||
|  | @ -2438,7 +2438,7 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, | ||||||
| 			     subelem, subelem_len); | 			     subelem, subelem_len); | ||||||
| 	os_free(subelem); | 	os_free(subelem); | ||||||
| 	if (res < 0) | 	if (res < 0) | ||||||
| 		return pos; | 		return NULL; | ||||||
| 	ftie = pos; | 	ftie = pos; | ||||||
| 	ftie_len = res; | 	ftie_len = res; | ||||||
| 	pos += res; | 	pos += res; | ||||||
|  | @ -2483,12 +2483,15 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, | ||||||
| 		       mdie, mdie_len, ftie, ftie_len, | 		       mdie, mdie_len, ftie, ftie_len, | ||||||
| 		       rsnie, rsnie_len, | 		       rsnie, rsnie_len, | ||||||
| 		       ric_start, ric_start ? pos - ric_start : 0, | 		       ric_start, ric_start ? pos - ric_start : 0, | ||||||
| 		       fte_mic) < 0) | 		       fte_mic) < 0) { | ||||||
| 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); | 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); | ||||||
|  | 		return NULL; | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	os_free(sm->assoc_resp_ftie); | 	os_free(sm->assoc_resp_ftie); | ||||||
| 	sm->assoc_resp_ftie = os_malloc(ftie_len); | 	sm->assoc_resp_ftie = os_malloc(ftie_len); | ||||||
| 	if (sm->assoc_resp_ftie) | 	if (!sm->assoc_resp_ftie) | ||||||
|  | 		return NULL; | ||||||
| 	os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len); | 	os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len); | ||||||
| 
 | 
 | ||||||
| 	return pos; | 	return pos; | ||||||
|  |  | ||||||
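Review bot: `wpa_sm_write_assoc_resp_ies()` now returns NULL on every failure path instead of the unchanged write position, which changes its contract for all callers, not only the two updated in this commit. Any call site outside this diff that keeps using the result as a buffer position, as in `p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, ...)`, would continue with a NULL pointer, so the remaining callers should be checked. The function's header comment, which lies outside these hunks, should state the new rule, for example `Returns: pointer to the end of the written IEs, or NULL on failure (the buffer contents must then be discarded)`. The function body starts and ends outside the visible hunks, so any allocations made between the hunks could not be checked against the new early returns.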
	 Jouni Malinen
						Jouni Malinen