From 5344af7d22ac8c3171592b6afd6a5aaa8f023cb1 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 14 Apr 2020 13:46:00 +0300 Subject: [PATCH] FT: Discard ReassocReq with mismatching RSNXE Used value Discard the FT Reassociation Request frame instead of rejecting it (i.e., do not send Reassociation Response frame) if RSNXE Used is indicated in FTE, but no RSNXE is included even though the AP is advertising RSNXE. While there is not really much of a difference between discarding and rejecting the frame, this discarding behavior is what the standard says for this type of an error case. Signed-off-by: Jouni Malinen --- src/ap/drv_callbacks.c | 11 +++++++---- src/ap/ieee802_11.c | 12 +++++++----- src/ap/wpa_auth.h | 2 +- src/ap/wpa_auth_ft.c | 4 ++-- 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 559bb87c2..524a15132 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -117,7 +117,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; u8 *p = buf; u16 reason = WLAN_REASON_UNSPECIFIED; - u16 status = WLAN_STATUS_SUCCESS; + int status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; if (addr == NULL) { @@ -606,17 +606,19 @@ skip_wpa_check: wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE && elems.owe_dh) { u8 *npos; + u16 ret_status; npos = owe_assoc_req_process(hapd, sta, elems.owe_dh, elems.owe_dh_len, p, sizeof(buf) - (p - buf), - &status); + &ret_status); + status = ret_status; if (npos) p = npos; if (!npos && status == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) { - hostapd_sta_assoc(hapd, addr, reassoc, status, buf, + hostapd_sta_assoc(hapd, addr, reassoc, ret_status, buf, p - buf); return 0; } 
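Review bot: In the OWE branch of hostapd_notif_assoc() (hunk at -606), the new `u16 ret_status;` has no initializer and is then copied unconditionally by `status = ret_status;`. Before this change owe_assoc_req_process() wrote into `status`, which already held a defined value, so a return path in the callee that does not write through the pointer was harmless; the callee is not visible here, so whether such a path exists needs checking. If one does, `status` now receives an indeterminate value that is compared against WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED and used afterwards. Declaring it as `u16 ret_status = WLAN_STATUS_SUCCESS;` would avoid that. The enclosing function starts and ends outside this hunk.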
@@ -709,7 +711,8 @@ skip_wpa_check: fail: #ifdef CONFIG_IEEE80211R_AP - hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf); + if (status >= 0) + hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf); #endif /* CONFIG_IEEE80211R_AP */ hostapd_drv_sta_disassoc(hapd, sta->addr, reason); ap_free_sta(hapd, sta); diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 2a5f6e5ec..28ac7aa4b 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -3104,11 +3104,11 @@ end: #endif /* CONFIG_OWE */ -static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, +static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, const u8 *ies, size_t ies_len, int reassoc) { struct ieee802_11_elems elems; - u16 resp; + int resp; const u8 *wpa_ie; size_t wpa_ie_len; const u8 *p2p_dev_addr = NULL; @@ -4075,7 +4075,8 @@ static void handle_assoc(struct hostapd_data *hapd, int reassoc, int rssi) { u16 capab_info, listen_interval, seq_ctrl, fc; - u16 resp = WLAN_STATUS_SUCCESS, reply_res; + int resp = WLAN_STATUS_SUCCESS; + u16 reply_res; const u8 *pos; int left, i; struct sta_info *sta; @@ -4449,8 +4450,9 @@ static void handle_assoc(struct hostapd_data *hapd, } #endif /* CONFIG_FILS */ - reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos, - left, rssi, omit_rsnxe); + if (resp >= 0) + reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, + pos, left, rssi, omit_rsnxe); os_free(tmp); /* diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index fafabe9c5..c12221194 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h 
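Review bot: The `if (status >= 0)` guard at the `fail:` label in drv_callbacks.c relies on a convention that nothing in the hunk states, namely that a negative status means "discard without a response". A comment above the guard such as `/* status < 0: discard the request, do not send a (Re)Association Response */` would keep a later change from treating the value as an 802.11 status code. The discard case still falls through to `hostapd_drv_sta_disassoc(hapd, sta->addr, reason)` and `ap_free_sta()`. If that disassociation call results in a frame being sent to the station, the request is not silently dropped on this path, so it is worth confirming that this is intended. The function body starts outside the hunk.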
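Review bot: On the discard path in handle_assoc() `reply_res` is never assigned: the hunk at -4075 declares it as `u16 reply_res;` with no initializer, and the hunk at -4449 only sets it when `resp >= 0`. The code after `os_free(tmp);` lies outside the hunk, but any read of `reply_res` there would use an indeterminate value whenever the frame is discarded, which is undefined behaviour and makes the follow-up handling depend on stack contents. Initialising it at the declaration, for example `u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;`, gives the discard case a defined result. Which value suits the later check needs to be confirmed against the rest of the function.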
@@ -441,7 +441,7 @@ void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, u16 auth_transaction, u16 resp, const u8 *ies, size_t ies_len), void *ctx); -u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, +int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, size_t ies_len); int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len); int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 4ca18ab6b..30e801a3a 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -3247,7 +3247,7 @@ void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, } -u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, +int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, size_t ies_len) { struct wpa_ft_ies parse; @@ -3445,7 +3445,7 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, !parse.rsnxe) { wpa_printf(MSG_INFO, "FT: FTE indicated that STA uses RSNXE, but RSNXE was not included"); - return WLAN_STATUS_UNSPECIFIED_FAILURE; + return -1; /* discard request */ } #ifdef CONFIG_OCV
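Review bot: The prototype of wpa_ft_validate_reassoc() in wpa_auth.h changes from `u16` to `int` without saying what a negative return means, so callers can learn it only from the `/* discard request */` comment on the single `return -1;` in wpa_auth_ft.c. A comment on the declaration such as `/* Returns: IEEE 802.11 status code (>= 0), or -1 if the frame is to be discarded without sending a response */` would make the contract explicit. Any caller not touched by this patch that still stores the result in a `u16` would turn -1 into 65535 and could pass it on as a status code, so remaining call sites should be checked. The same convention now applies to check_assoc_ies() in ieee802_11.c, whose return type is changed in the same way.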