From 6f70fcd986de35a13808a8f87bc1f7b2ba0765e4 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Sat, 11 Apr 2020 12:25:18 +0200 Subject: [PATCH] nl80211: Check ethertype for control port RX nl80211 control port event handling previously did not differentiate between EAPOL and RSN preauth ethertypes. Add checking of the ethertype and report unexpected frames (only EAPOL frames are supposed to be delivered through this path). Signed-off-by: Markus Theil --- src/drivers/driver_nl80211_event.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index d4ca2eb29..6c4fd68c9 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -2505,12 +2505,34 @@ static void nl80211_sta_opmode_change_event(struct wpa_driver_nl80211_data *drv, static void nl80211_control_port_frame(struct wpa_driver_nl80211_data *drv, struct nlattr **tb) { - if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_FRAME]) + u8 *src_addr; + u16 ethertype; + + if (!tb[NL80211_ATTR_MAC] || + !tb[NL80211_ATTR_FRAME] || + !tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) return; - drv_event_eapol_rx(drv->ctx, nla_data(tb[NL80211_ATTR_MAC]), - nla_data(tb[NL80211_ATTR_FRAME]), - nla_len(tb[NL80211_ATTR_FRAME])); + src_addr = nla_data(tb[NL80211_ATTR_MAC]); + ethertype = nla_get_u16(tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); + + switch (ethertype) { + case ETH_P_RSN_PREAUTH: + wpa_printf(MSG_INFO, "nl80211: Got pre-auth frame from " + MACSTR " over control port unexpectedly", + MAC2STR(src_addr)); + break; + case ETH_P_PAE: + drv_event_eapol_rx(drv->ctx, src_addr, + nla_data(tb[NL80211_ATTR_FRAME]), + nla_len(tb[NL80211_ATTR_FRAME])); + break; + default: + wpa_printf(MSG_INFO, "nl80211: Unxpected ethertype 0x%04x from " + MACSTR " over control port", + ethertype, MAC2STR(src_addr)); + break; + } }