fragattacks: ignore old EAPOL replay counters

When testing the TelenetWiFree hotspot using the command: ./fragattack.py wlan0 --no-drivercheck ping I,F,E --rekey-req --rekey-plain Then the AP would reuse old EAPOL replay counters in the rekey 4-way handshake. So for the rekey handshake to succeed, the client has to accept these EAPOL handshake messages with a "reused" replay counter. Note that these networks also performed the rekey handshake in plaintext, which will be handled by a subsequent patch.
2024-11-24 16:28:23 -05:00 · 2023-10-11 22:39:10 +02:00 · 2023-10-11 22:39:10 +02:00 · c894c820ff
commit c894c820ff
parent 05a607526e
1 changed files with 6 additions and 0 deletions
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@ -2615,10 +2615,16 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
 	if (sm->rx_replay_counter_set &&
 	    os_memcmp(key->replay_counter, sm->rx_replay_counter,
 		      WPA_REPLAY_COUNTER_LEN) <= 0) {
+#ifndef CONFIG_TESTING_OPTIONS
 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 			"WPA: EAPOL-Key Replay Counter did not increase - "
 			"dropping packet");
 		goto out;
+#else /* CONFIG_TESTING_OPTIONS */
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA: Ignoring that EAPOL-Key Replay Counter did "
+			"not increase - can happen during rekeys");
+#endif /* CONFIG_TESTING_OPTIONS */
 	}

 	if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {