From fa67debf4c6ddbc881a212b175faa6d5d0d90c8c Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 14 Jan 2017 01:04:31 +0200 Subject: [PATCH] Fix duplicate Reassociation Request frame dropping Relational operators (==) have higher precedence than the ternary conditional in C. The last_subtype check for association/reassociation was broken due to incorrect assumption about the precedence. Fix this by adding parenthesis around the ternary conditional. The previous implementation worked for Association Request frames by accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when the last receive frame was an Association Request frame, the sta->last_subtype == reassoc check was true and non-zero WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was broken for Reassociation Request frame. reassoc == 1 in that case could have matched received Association Response frame (subtype == 1), but those are not received in AP mode and as such, this did not break other behavior apart from not being able to drop duplicated Reassociation Request frames. Signed-off-by: Jouni Malinen --- src/ap/ieee802_11.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 060b63517..92a7ec6db 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -2527,8 +2527,8 @@ static void handle_assoc(struct hostapd_data *hapd, if ((fc & WLAN_FC_RETRY) && sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && sta->last_seq_ctrl == seq_ctrl && - sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ : - WLAN_FC_STYPE_ASSOC_REQ) { + sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ : + WLAN_FC_STYPE_ASSOC_REQ)) { hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_DEBUG, "Drop repeated association frame seq_ctrl=0x%x",