mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
WPS: Use BSS table instead of raw scan results
parent
88ba1f7213
commit
59f2caa925
@ -65,9 +65,8 @@ static void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s,
|
struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
|
||||||
const u8 *bssid, const u8 *ssid,
|
const u8 *ssid, size_t ssid_len)
|
||||||
size_t ssid_len)
|
|
||||||
{
|
{
|
||||||
struct wpa_bss *bss;
|
struct wpa_bss *bss;
|
||||||
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
||||||
|
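Review bot: wpa_bss_get() loses `static` here and becomes callable from other files, but nothing on the definition says who owns the returned entry. Since wpa_bss_remove() sits just above it, a caller that keeps the pointer across a table update would presumably be left with a dangling reference. A header comment such as `/* Returns a BSS table entry or NULL; the entry is owned by the table and must not be cached across scan updates */` would make that contract visible to the new callers. The function body continues past the end of this hunk.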
@ -72,6 +72,8 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
|
|||||||
void wpa_bss_update_end(struct wpa_supplicant *wpa_s);
|
void wpa_bss_update_end(struct wpa_supplicant *wpa_s);
|
||||||
int wpa_bss_init(struct wpa_supplicant *wpa_s);
|
int wpa_bss_init(struct wpa_supplicant *wpa_s);
|
||||||
void wpa_bss_deinit(struct wpa_supplicant *wpa_s);
|
void wpa_bss_deinit(struct wpa_supplicant *wpa_s);
|
||||||
|
struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
|
||||||
|
const u8 *ssid, size_t ssid_len);
|
||||||
struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
|
struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
|
||||||
const u8 *bssid);
|
const u8 *bssid);
|
||||||
struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id);
|
struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id);
|
||||||
|
@ -30,6 +30,7 @@
|
|||||||
#include "driver_i.h"
|
#include "driver_i.h"
|
||||||
#include "notify.h"
|
#include "notify.h"
|
||||||
#include "blacklist.h"
|
#include "blacklist.h"
|
||||||
|
#include "bss.h"
|
||||||
#include "wps_supplicant.h"
|
#include "wps_supplicant.h"
|
||||||
|
|
||||||
|
|
||||||
@ -93,8 +94,7 @@ static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s,
|
|||||||
const struct wps_credential *cred)
|
const struct wps_credential *cred)
|
||||||
{
|
{
|
||||||
struct wpa_driver_capa capa;
|
struct wpa_driver_capa capa;
|
||||||
size_t i;
|
struct wpa_bss *bss;
|
||||||
struct wpa_scan_res *bss;
|
|
||||||
const u8 *ie;
|
const u8 *ie;
|
||||||
struct wpa_ie_data adv;
|
struct wpa_ie_data adv;
|
||||||
int wpa2 = 0, ccmp = 0;
|
int wpa2 = 0, ccmp = 0;
|
||||||
@ -110,38 +110,22 @@ static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s,
|
|||||||
if (wpa_drv_get_capa(wpa_s, &capa))
|
if (wpa_drv_get_capa(wpa_s, &capa))
|
||||||
return; /* Unknown what driver supports */
|
return; /* Unknown what driver supports */
|
||||||
|
|
||||||
if (wpa_supplicant_get_scan_results(wpa_s) || wpa_s->scan_res == NULL)
|
bss = wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len);
|
||||||
return; /* Could not get scan results for checking advertised
|
if (bss == NULL) {
|
||||||
* parameters */
|
wpa_printf(MSG_DEBUG, "WPS: The AP was not found from BSS "
|
||||||
|
"table - use credential as-is");
|
||||||
for (i = 0; i < wpa_s->scan_res->num; i++) {
|
|
||||||
bss = wpa_s->scan_res->res[i];
|
|
||||||
if (os_memcmp(bss->bssid, cred->mac_addr, ETH_ALEN) != 0)
|
|
||||||
continue;
|
|
||||||
ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
|
|
||||||
if (ie == NULL)
|
|
||||||
continue;
|
|
||||||
if (ie[1] != ssid->ssid_len || ssid->ssid == NULL ||
|
|
||||||
os_memcmp(ie + 2, ssid->ssid, ssid->ssid_len) != 0)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPS: AP found from scan results");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (i == wpa_s->scan_res->num) {
|
|
||||||
wpa_printf(MSG_DEBUG, "WPS: The AP was not found from scan "
|
|
||||||
"results - use credential as-is");
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
ie = wpa_scan_get_ie(bss, WLAN_EID_RSN);
|
wpa_printf(MSG_DEBUG, "WPS: AP found from BSS table");
|
||||||
|
|
||||||
|
ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
|
||||||
if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) {
|
if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) {
|
||||||
wpa2 = 1;
|
wpa2 = 1;
|
||||||
if (adv.pairwise_cipher & WPA_CIPHER_CCMP)
|
if (adv.pairwise_cipher & WPA_CIPHER_CCMP)
|
||||||
ccmp = 1;
|
ccmp = 1;
|
||||||
} else {
|
} else {
|
||||||
ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
|
ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
|
||||||
if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 &&
|
if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 &&
|
||||||
adv.pairwise_cipher & WPA_CIPHER_CCMP)
|
adv.pairwise_cipher & WPA_CIPHER_CCMP)
|
||||||
ccmp = 1;
|
ccmp = 1;
|
||||||
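Review bot: The removed loop skipped every entry when `ssid->ssid == NULL`, so a network block without an SSID ended at "use credential as-is"; the new `wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len)` call passes that pointer on unguarded. The comparison inside wpa_bss_get() is outside the visible hunks, so whether it tolerates a NULL ssid cannot be confirmed here; keeping the old behaviour explicit costs one line before the call, `if (ssid->ssid == NULL) return;`. Separately, the WPA2/CCMP decision below now relies on whatever IEs the BSS table last cached for this BSSID instead of a fresh scan fetch, which deserves a short comment if stale entries are acceptable for this workaround. wpas_wps_security_workaround() starts and ends outside this hunk.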
@ -588,34 +572,22 @@ static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (bssid) {
|
if (bssid) {
|
||||||
size_t i;
|
struct wpa_bss *bss;
|
||||||
int count = 0;
|
int count = 0;
|
||||||
|
|
||||||
os_memcpy(ssid->bssid, bssid, ETH_ALEN);
|
os_memcpy(ssid->bssid, bssid, ETH_ALEN);
|
||||||
ssid->bssid_set = 1;
|
ssid->bssid_set = 1;
|
||||||
|
|
||||||
/* Try to get SSID from scan results */
|
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
||||||
if (wpa_s->scan_res == NULL &&
|
if (os_memcmp(bssid, bss->bssid, ETH_ALEN) != 0)
|
||||||
wpa_supplicant_get_scan_results(wpa_s) < 0)
|
|
||||||
return ssid; /* Could not find any scan results */
|
|
||||||
|
|
||||||
for (i = 0; i < wpa_s->scan_res->num; i++) {
|
|
||||||
const u8 *ie;
|
|
||||||
struct wpa_scan_res *res;
|
|
||||||
|
|
||||||
res = wpa_s->scan_res->res[i];
|
|
||||||
if (os_memcmp(bssid, res->bssid, ETH_ALEN) != 0)
|
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
ie = wpa_scan_get_ie(res, WLAN_EID_SSID);
|
|
||||||
if (ie == NULL)
|
|
||||||
break;
|
|
||||||
os_free(ssid->ssid);
|
os_free(ssid->ssid);
|
||||||
ssid->ssid = os_malloc(ie[1]);
|
ssid->ssid = os_malloc(bss->ssid_len);
|
||||||
if (ssid->ssid == NULL)
|
if (ssid->ssid == NULL)
|
||||||
break;
|
break;
|
||||||
os_memcpy(ssid->ssid, ie + 2, ie[1]);
|
os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
|
||||||
ssid->ssid_len = ie[1];
|
ssid->ssid_len = bss->ssid_len;
|
||||||
wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from "
|
wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from "
|
||||||
"scan results",
|
"scan results",
|
||||||
ssid->ssid, ssid->ssid_len);
|
ssid->ssid, ssid->ssid_len);
|
||||||
|