Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-28 18:28:23 -05:00
Code Issues Projects Releases Wiki Activity

Update AP WPA/RSN IE on all associations if driver can select BSS

Browse Source 
It is possible for driver-based BSS selection to end up reassociating
back to the current AP. If wpa_supplicant preferred another BSS, it
would have updated the internal knowledge of the AP's WPA/RSN IE when
requesting a new connection. In the special case of existing association
and new association being with the same BSS that is different from the
wpa_supplicant preference, association event processing skipped the
WPA/RSN IE update. This could result in the following 4-way handshake
getting rejected due to incorrectly detected mismatch with AP's RSN/WPA
IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4.

Fix this by updating the AP WPA/RSN IE on all association events when
driver-based BSS selection is used regardless of whether the BSSID
changes. This could also cover a theoretical case of the AP changing its
RSN/WPA IE at the very moment we try to reassociate back to the same
BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Sunil Dutt 2015-09-17 10:30:42 +00:00 committed by Jouni Malinen
parent 43fa110b0b
commit ce7d0eb184
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
wpa_supplicant/events.c
View File

@ -2067,6 +2067,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
{ {
u8 bssid[ETH_ALEN]; u8 bssid[ETH_ALEN];
int ft_completed; int ft_completed;
int new_bss = 0;
#ifdef CONFIG_AP #ifdef CONFIG_AP
if (wpa_s->ap_iface) { if (wpa_s->ap_iface) {
@ -2098,6 +2099,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
if (os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) { if (os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) {
wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID=" wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
MACSTR, MAC2STR(bssid)); MACSTR, MAC2STR(bssid));
new_bss = 1;
random_add_randomness(bssid, ETH_ALEN); random_add_randomness(bssid, ETH_ALEN);
os_memcpy(wpa_s->bssid, bssid, ETH_ALEN); os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
@ -2111,13 +2113,13 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
wpa_s, WLAN_REASON_DEAUTH_LEAVING); wpa_s, WLAN_REASON_DEAUTH_LEAVING);
return; return;
} }
}
if (wpa_s->conf->ap_scan == 1 && if (wpa_s->conf->ap_scan == 1 &&
wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) { wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) {
if (wpa_supplicant_assoc_update_ie(wpa_s) < 0) if (wpa_supplicant_assoc_update_ie(wpa_s) < 0 && new_bss)
wpa_msg(wpa_s, MSG_WARNING, wpa_msg(wpa_s, MSG_WARNING,
"WPA/RSN IEs not updated"); "WPA/RSN IEs not updated");
}
} }
#ifdef CONFIG_SME #ifdef CONFIG_SME