jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Disassociate STA if it associated with invalid/missing WPA/RSN IE

Browse source 
When using drivers that process management frames internally (e.g.,
madwifi, atheros, bsd), the driver may accept association with IEs
that do not match the security policy. Instead of silently leaving
the station associated, explicitly disassociate it to clear the
driver entry immediately.
This commit is contained in:
Andriy Tkachuk 2009-11-11 17:33:55 +02:00 committed by Jouni Malinen
parent 3d3d305645
commit 355d36a7bf
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
hostapd/drv_callbacks.c
View file

@ -284,9 +284,26 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
ie, ielen, NULL, 0); ie, ielen, NULL, 0);
if (res != WPA_IE_OK) { if (res != WPA_IE_OK) {
int resp;
wpa_printf(MSG_DEBUG, "WPA/RSN information element " wpa_printf(MSG_DEBUG, "WPA/RSN information element "
"rejected? (res %u)", res); "rejected? (res %u)", res);
wpa_hexdump(MSG_DEBUG, "IE", ie, ielen); wpa_hexdump(MSG_DEBUG, "IE", ie, ielen);
if (res == WPA_INVALID_GROUP)
resp = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
else if (res == WPA_INVALID_PAIRWISE)
resp = WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID;
else if (res == WPA_INVALID_AKMP)
resp = WLAN_REASON_AKMP_NOT_VALID;
#ifdef CONFIG_IEEE80211W
else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
resp = WLAN_REASON_INVALID_IE;
else if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
resp = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
#endif /* CONFIG_IEEE80211W */
else
resp = WLAN_REASON_INVALID_IE;
hostapd_sta_disassoc(hapd, sta->addr, resp);
ap_free_sta(hapd, sta);
return -1; return -1;
} }
} else if (hapd->conf->wps_state) { } else if (hapd->conf->wps_state) {