GAS: Check protected/unprotected drop after action code check
Apply the GAS specific rule of using Protected Dual of Public Action frame only after having checked that the action code indicates this to be a GAS response. Previously, non-GAS Public Action frames could have been incorrectly dropped because of this check if received during an association with PMF enabled. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
9c21b2bf45
commit
ae2b4827cc
1 changed files with 8 additions and 8 deletions
|
@ -512,6 +512,14 @@ int gas_query_rx(struct gas_query *gas, const u8 *da, const u8 *sa,
|
||||||
if (gas == NULL || len < 4)
|
if (gas == NULL || len < 4)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
pos = data;
|
||||||
|
action = *pos++;
|
||||||
|
dialog_token = *pos++;
|
||||||
|
|
||||||
|
if (action != WLAN_PA_GAS_INITIAL_RESP &&
|
||||||
|
action != WLAN_PA_GAS_COMEBACK_RESP)
|
||||||
|
return -1; /* Not a GAS response */
|
||||||
|
|
||||||
prot = categ == WLAN_ACTION_PROTECTED_DUAL;
|
prot = categ == WLAN_ACTION_PROTECTED_DUAL;
|
||||||
pmf = pmf_in_use(gas->wpa_s, sa);
|
pmf = pmf_in_use(gas->wpa_s, sa);
|
||||||
if (prot && !pmf) {
|
if (prot && !pmf) {
|
||||||
|
@ -523,14 +531,6 @@ int gas_query_rx(struct gas_query *gas, const u8 *da, const u8 *sa,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
pos = data;
|
|
||||||
action = *pos++;
|
|
||||||
dialog_token = *pos++;
|
|
||||||
|
|
||||||
if (action != WLAN_PA_GAS_INITIAL_RESP &&
|
|
||||||
action != WLAN_PA_GAS_COMEBACK_RESP)
|
|
||||||
return -1; /* Not a GAS response */
|
|
||||||
|
|
||||||
query = gas_query_get_pending(gas, sa, dialog_token);
|
query = gas_query_get_pending(gas, sa, dialog_token);
|
||||||
if (query == NULL) {
|
if (query == NULL) {
|
||||||
wpa_printf(MSG_DEBUG, "GAS: No pending query found for " MACSTR
|
wpa_printf(MSG_DEBUG, "GAS: No pending query found for " MACSTR
|
||||||
|
|
Loading…
Reference in a new issue