FILS: Do not process FILS HLP request again while previous one is pending
It is better not to process a new (most likely repeated) FILS HLP request if a station retransmits (Re)Association Request frame before the previous HLP response has either been received or timed out. The previous implementation ended up doing this and also ended up rescheduling the fils_hlp_timeout timer in a manner that prevented the initial timeout from being reached if the STA continued retransmitting the frame. This could result in failed association due to a timeout on the station side. Make this more robust by processing (and relaying to the server) the HLP request once and then ignoring any new HLP request while the response for the relayed request is still pending. The new (Re)Association Request frames are otherwise processed, but they do not result in actual state change on the AP side before the HLP process from the first pending request is completed. This fixes hwsim test case fils_sk_hlp_oom failures with unmodified mac80211 implementation (i.e., with a relatively short retransmission timeout for (Re)Association Request frame). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
891e1668c0
commit
17adac9ef9
@ -580,6 +580,19 @@ int fils_process_hlp(struct hostapd_data *hapd, struct sta_info *sta,
|
||||
u8 *tmp, *tmp_pos;
|
||||
int ret = 0;
|
||||
|
||||
if (sta->fils_pending_assoc_req &&
|
||||
eloop_is_timeout_registered(fils_hlp_timeout, hapd, sta)) {
|
||||
/* Do not process FILS HLP request again if the station
|
||||
* retransmits (Re)Association Request frame before the previous
|
||||
* HLP response has either been received or timed out. */
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"FILS: Do not relay another HLP request from "
|
||||
MACSTR
|
||||
" before processing of the already pending one has been completed",
|
||||
MAC2STR(sta->addr));
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Old DHCPDISCOVER is not needed anymore, if it was still pending */
|
||||
wpabuf_free(sta->hlp_dhcp_discover);
|
||||
sta->hlp_dhcp_discover = NULL;
|
||||
|
@ -3554,6 +3554,19 @@ static void handle_assoc(struct hostapd_data *hapd,
|
||||
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
||||
|
||||
#ifdef CONFIG_FILS
|
||||
if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS &&
|
||||
eloop_is_timeout_registered(fils_hlp_timeout, hapd, sta) &&
|
||||
sta->fils_pending_assoc_req) {
|
||||
/* Do not reschedule fils_hlp_timeout in case the station
|
||||
* retransmits (Re)Association Request frame while waiting for
|
||||
* the previously started FILS HLP wait, so that the timeout can
|
||||
* be determined from the first pending attempt. */
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"FILS: Continue waiting for HLP processing before sending (Re)Association Response frame to "
|
||||
MACSTR, MAC2STR(sta->addr));
|
||||
os_free(tmp);
|
||||
return;
|
||||
}
|
||||
if (sta) {
|
||||
eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
|
||||
os_free(sta->fils_pending_assoc_req);
|
||||
|
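Review bot: The early return added to handle_assoc() treats every (Re)Association Request received while fils_hlp_timeout is registered as a retransmission, yet the guard never compares the new frame in `tmp` with the stored `sta->fils_pending_assoc_req` before `os_free(tmp)`. handle_assoc() starts and ends outside the hunk, so this is inferred: if the new frame's elements have already been applied to `sta` earlier in the function, a frame that differs from the pending one could leave station state out of step with the request the delayed response is later built from. The guard added to fils_process_hlp() in the first hunk rests on the same assumption. I would either verify that the frames match before discarding the new one, or state the assumption at the return, e.g. `/* Assumes a retransmission: the new frame is not compared with the pending request */`.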