Do not start SA Query procedure without keys
The AP mode condition for initiating the SA Query procedure when receiving a new (Re)Association Request frame used only the association state and the MFP negotiation result, without checking that the key exchange has been completed. This can give rise to a corner case where the SA Query procedure may get started after open association but before the 4-way handshake has been completed, resulting in open SA Query frames over the air. Fix this by adding a station authorized check in hostapd_notif_assoc() and check_assoc_ies(). Signed-off-by: Rohan <drohan@codeaurora.org>
parent
a92660a00e
commit
e3ba0c4cd2
2 changed files with 12 additions and 8 deletions
|
@ -388,13 +388,15 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
|||
goto fail;
|
||||
}
|
||||
|
||||
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP) &&
|
||||
if ((sta->flags &
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED) &&
|
||||
!sta->sa_query_timed_out &&
|
||||
sta->sa_query_count > 0)
|
||||
ap_check_sa_query_timeout(hapd, sta);
|
||||
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP) &&
|
||||
if ((sta->flags &
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED) &&
|
||||
!sta->sa_query_timed_out &&
|
||||
(sta->auth_alg != WLAN_AUTH_FT)) {
|
||||
/*
|
||||
|
|
|
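Review bot: The block comment that opens at the end of this hunk should say why WLAN_STA_AUTHORIZED is now part of both masks, because with this check a (Re)Association Request that arrives after association but before the 4-way handshake completes is no longer answered with a temporary rejection and instead falls through to normal processing. That looks intentional, since no keys exist yet to protect SA Query frames, but a later reader could take it for a missing check and restore the old two-flag condition. I would add something like `/* SA Query needs keys in place; until the STA is authorized, let the new association proceed. */` above the first `if`. The comment body and the rest of hostapd_notif_assoc() lie outside the hunk, so confirm the existing text does not already cover this; the same remark applies to the matching block in check_assoc_ies().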
@ -3328,13 +3328,15 @@ static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
|||
resp = wpa_res_to_status_code(res);
|
||||
if (resp != WLAN_STATUS_SUCCESS)
|
||||
return resp;
|
||||
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP) &&
|
||||
if ((sta->flags &
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED) &&
|
||||
!sta->sa_query_timed_out &&
|
||||
sta->sa_query_count > 0)
|
||||
ap_check_sa_query_timeout(hapd, sta);
|
||||
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP) &&
|
||||
if ((sta->flags &
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED) &&
|
||||
!sta->sa_query_timed_out &&
|
||||
(!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
|
||||
/*
|
||||
|
|
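Review bot: The mask `(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED)` together with `!sta->sa_query_timed_out` is repeated in both `if` conditions here and again in both conditions in hostapd_notif_assoc(), so the two association paths can drift apart the next time this precondition changes. A small shared helper declared wherever struct sta_info is defined, for example `static inline int sta_sa_query_allowed(const struct sta_info *sta)`, would keep the security-relevant condition in one place and leave only the path-specific terms (`sta->sa_query_count > 0`, the WLAN_AUTH_FT test) at the call sites. check_assoc_ies() continues beyond the hunk, so this would only replace the comparisons visible here.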