mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
SAE: Fix group selection
Number of regressions had shown up in wpa_supplicant implementation of SAE group selection due to different integer array termination (-1 in hostapd, 0 in wpa_supplicant) being used for SAE groups. The default_groups list did not seem to use any explicit termination value. In addition, the sae_group_index was not cleared back to 0 properly whenever a new SAE session was started. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
f5f59e4f57
commit
18ca733248
@ -678,7 +678,7 @@ static u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups,
|
|||||||
{
|
{
|
||||||
if (allowed_groups) {
|
if (allowed_groups) {
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; allowed_groups[i] >= 0; i++) {
|
for (i = 0; allowed_groups[i] > 0; i++) {
|
||||||
if (allowed_groups[i] == group)
|
if (allowed_groups[i] == group)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -46,7 +46,7 @@ static int index_within_array(const int *array, int idx)
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; i < idx; i++) {
|
for (i = 0; i < idx; i++) {
|
||||||
if (array[i] == -1)
|
if (array[i] <= 0)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
@ -56,9 +56,9 @@ static int index_within_array(const int *array, int idx)
|
|||||||
static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
|
static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
|
||||||
{
|
{
|
||||||
int *groups = wpa_s->conf->sae_groups;
|
int *groups = wpa_s->conf->sae_groups;
|
||||||
int default_groups[] = { 19, 20, 21, 25, 26 };
|
int default_groups[] = { 19, 20, 21, 25, 26, 0 };
|
||||||
|
|
||||||
if (!groups)
|
if (!groups || groups[0] <= 0)
|
||||||
groups = default_groups;
|
groups = default_groups;
|
||||||
|
|
||||||
/* Configuration may have changed, so validate current index */
|
/* Configuration may have changed, so validate current index */
|
||||||
@ -438,6 +438,7 @@ void sme_authenticate(struct wpa_supplicant *wpa_s,
|
|||||||
#ifdef CONFIG_SAE
|
#ifdef CONFIG_SAE
|
||||||
wpa_s->sme.sae.state = SAE_NOTHING;
|
wpa_s->sme.sae.state = SAE_NOTHING;
|
||||||
wpa_s->sme.sae.send_confirm = 0;
|
wpa_s->sme.sae.send_confirm = 0;
|
||||||
|
wpa_s->sme.sae_group_index = 0;
|
||||||
#endif /* CONFIG_SAE */
|
#endif /* CONFIG_SAE */
|
||||||
sme_send_authentication(wpa_s, bss, ssid, 1);
|
sme_send_authentication(wpa_s, bss, ssid, 1);
|
||||||
}
|
}
|
||||||
@ -482,15 +483,18 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
|
|||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (auth_transaction == 1) {
|
if (auth_transaction == 1) {
|
||||||
|
int *groups = wpa_s->conf->sae_groups;
|
||||||
|
|
||||||
wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
|
||||||
if (wpa_s->current_bss == NULL ||
|
if (wpa_s->current_bss == NULL ||
|
||||||
wpa_s->current_ssid == NULL)
|
wpa_s->current_ssid == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
if (wpa_s->sme.sae.state != SAE_COMMITTED)
|
if (wpa_s->sme.sae.state != SAE_COMMITTED)
|
||||||
return -1;
|
return -1;
|
||||||
|
if (groups && groups[0] <= 0)
|
||||||
|
groups = NULL;
|
||||||
if (sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
|
if (sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
|
||||||
wpa_s->conf->sae_groups) !=
|
groups) != WLAN_STATUS_SUCCESS)
|
||||||
WLAN_STATUS_SUCCESS)
|
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (sae_process_commit(&wpa_s->sme.sae) < 0) {
|
if (sae_process_commit(&wpa_s->sme.sae) < 0) {
|
||||||
|
Loading…
Reference in New Issue
Block a user