mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
IBSS RSN: Add a timeout for Authentication frame exchange
It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
18ece3133e
commit
add7add09d
@ -10,6 +10,7 @@
|
|||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "common/wpa_ctrl.h"
|
#include "common/wpa_ctrl.h"
|
||||||
|
#include "utils/eloop.h"
|
||||||
#include "l2_packet/l2_packet.h"
|
#include "l2_packet/l2_packet.h"
|
||||||
#include "rsn_supp/wpa.h"
|
#include "rsn_supp/wpa.h"
|
||||||
#include "rsn_supp/wpa_ie.h"
|
#include "rsn_supp/wpa_ie.h"
|
||||||
@ -20,6 +21,9 @@
|
|||||||
#include "ibss_rsn.h"
|
#include "ibss_rsn.h"
|
||||||
|
|
||||||
|
|
||||||
|
static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx);
|
||||||
|
|
||||||
|
|
||||||
static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn,
|
static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn,
|
||||||
const u8 *addr)
|
const u8 *addr)
|
||||||
{
|
{
|
||||||
@ -34,6 +38,7 @@ static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn,
|
|||||||
|
|
||||||
static void ibss_rsn_free(struct ibss_rsn_peer *peer)
|
static void ibss_rsn_free(struct ibss_rsn_peer *peer)
|
||||||
{
|
{
|
||||||
|
eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL);
|
||||||
wpa_auth_sta_deinit(peer->auth);
|
wpa_auth_sta_deinit(peer->auth);
|
||||||
wpa_sm_deinit(peer->supp);
|
wpa_sm_deinit(peer->supp);
|
||||||
os_free(peer);
|
os_free(peer);
|
||||||
@ -543,6 +548,23 @@ ibss_rsn_peer_init(struct ibss_rsn *ibss_rsn, const u8 *addr)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx)
|
||||||
|
{
|
||||||
|
struct ibss_rsn_peer *peer = eloop_ctx;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Assume peer does not support Authentication exchange or the frame was
|
||||||
|
* lost somewhere - start EAPOL Authenticator.
|
||||||
|
*/
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"RSN: Timeout on waiting Authentication frame response from "
|
||||||
|
MACSTR " - start authenticator", MAC2STR(peer->addr));
|
||||||
|
|
||||||
|
peer->authentication_status |= IBSS_RSN_AUTH_BY_US;
|
||||||
|
ibss_rsn_auth_init(peer->ibss_rsn, peer);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr)
|
int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr)
|
||||||
{
|
{
|
||||||
struct ibss_rsn_peer *peer;
|
struct ibss_rsn_peer *peer;
|
||||||
@ -568,6 +590,7 @@ int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr)
|
|||||||
return ibss_rsn_auth_init(ibss_rsn, peer);
|
return ibss_rsn_auth_init(ibss_rsn, peer);
|
||||||
} else {
|
} else {
|
||||||
os_get_time(&peer->own_auth_tx);
|
os_get_time(&peer->own_auth_tx);
|
||||||
|
eloop_register_timeout(1, 0, ibss_rsn_auth_timeout, peer, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -882,7 +905,8 @@ void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* authentication has been completed */
|
/* authentication has been completed */
|
||||||
wpa_printf(MSG_DEBUG, "RSN: IBSS Auth completed with "MACSTR,
|
eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL);
|
||||||
|
wpa_printf(MSG_DEBUG, "RSN: IBSS Auth completed with " MACSTR,
|
||||||
MAC2STR(header->sa));
|
MAC2STR(header->sa));
|
||||||
ibss_rsn_peer_authenticated(ibss_rsn, peer,
|
ibss_rsn_peer_authenticated(ibss_rsn, peer,
|
||||||
IBSS_RSN_AUTH_BY_US);
|
IBSS_RSN_AUTH_BY_US);
|
||||||
|
Loading…
Reference in New Issue
Block a user