From edaf1abf563863bb94cf338d7377bd36210c83f3 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef
Date: Sun, 28 Jun 2020 09:29:08 +0400
Subject: [PATCH] fragattack: ignore unrelated messages on wpaspy control channel
---
 hostapd/ctrl_iface.c | 20 ++++++++++++++++++++
 research/fraginternals.py | 10 ++++++++--
 wpa_supplicant/ctrl_iface.c | 20 ++++++++++++++++++++
 3 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index dc87c6f00..ef03f3da0 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -3118,6 +3118,14 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 socklen_t fromlen)
 {
 int reply_len, res;
+ int console = 0;
+
+#ifdef CONFIG_TESTING_OPTIONS
+ if (os_strncmp(buf, "> ", 2) == 0) {
+ console = 1;
+ buf += 2;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
 os_memcpy(reply, "OK\n", 3);
 reply_len = 3;
@@ -3600,6 +3608,18 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 reply_len = 5;
 }
+#ifdef CONFIG_TESTING_OPTIONS
+ if (console) {
+ if (reply_len + 2 >= reply_size)
+ reply = os_realloc(reply, reply_size + 2);
+
+ memmove(reply + 2, reply, reply_len);
+ reply[0] = '>';
+ reply[1] = ' ';
+ reply_len += 2;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
+
 return reply_len;
 }
diff --git a/research/fraginternals.py b/research/fraginternals.py
index 00fab352c..b7615e99a 100644
--- a/research/fraginternals.py
+++ b/research/fraginternals.py
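Review bot: In the first hostapd/ctrl_iface.c hunk, `int console = 0;` is declared outside the `#ifdef CONFIG_TESTING_OPTIONS` guard although every use of it in this commit sits inside that guard, so a build without the option carries an unused variable and may warn. I would put the declaration under the same guard. The first hunk of wpa_supplicant/ctrl_iface.c has the same pattern. hostapd_ctrl_iface_receive_process() starts and ends outside this hunk, so any other use of `console` is not visible here.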
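Review bot: In the second hostapd/ctrl_iface.c hunk, `reply = os_realloc(reply, reply_size + 2);` updates only the function's own copy of the pointer: the function returns `reply_len` alone, so if `reply` is the caller's buffer (its declaration is outside the hunk) and the allocator moves the block, the caller keeps using and later releasing the old address. The result is also not checked, so a NULL return goes straight into `memmove(reply + 2, reply, reply_len)`. Since the new pointer cannot reach the caller from here, I would drop the realloc and bound the move instead, e.g. `if (reply_len > reply_size - 2) reply_len = reply_size - 2;` (assuming `reply_size` is the buffer's capacity). The second wpa_supplicant/ctrl_iface.c hunk returns `reply`, so the pointer survives there, but it has the same unchecked os_realloc() and loses the original buffer when the call fails.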
@@ -19,14 +19,20 @@ def wpaspy_clear_messages(ctrl):
 #TODO: Modify so we can ignore other messages over the command interface
 def wpaspy_command(ctrl, cmd):
 wpaspy_clear_messages(ctrl)
- rval = ctrl.request(cmd)
+
+ # Include console prefix so we can ignore other messages sent over the control interface
+ rval = ctrl.request("> " + cmd)
+ while not rval.startswith("> "):
+ rval = ctrl.recv()
+
 if "UNKNOWN COMMAND" in rval:
 log(ERROR, "wpa_supplicant did not recognize the command %s. Did you (re)compile wpa_supplicant?" % cmd.split()[0])
 quit(1)
 elif "FAIL" in rval:
 log(ERROR, f"Failed to execute command {cmd}")
 quit(1)
- return rval
+
+ return rval[2:]
 def argv_pop_argument(argument):
 if not argument in sys.argv: return False
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 67c13b4fa..ab63cdc7b 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -10141,6 +10141,14 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 char *reply;
 const int reply_size = 4096;
 int reply_len;
+ int console = 0;
+
+#ifdef CONFIG_TESTING_OPTIONS
+ if (os_strncmp(buf, "> ", 2) == 0) {
+ console = 1;
+ buf += 2;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
 if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 ||
 os_strncmp(buf, "SET_NETWORK ", 12) == 0 ||
@@ -11027,6 +11035,18 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 reply_len = 5;
 }
+#ifdef CONFIG_TESTING_OPTIONS
+ if (console) {
+ if (reply_len + 2 >= reply_size)
+ reply = os_realloc(reply, reply_size + 2);
+
+ memmove(reply + 2, reply, reply_len);
+ reply[0] = '>';
+ reply[1] = ' ';
+ reply_len += 2;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
+
 *resp_len = reply_len;
 return reply;
 }
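Review bot: In research/fraginternals.py, `while not rval.startswith("> "):` has no exit other than a prefixed reply, so wpaspy_command() never returns when the daemon does not echo the prefix. The C side handles `"> "` only under `CONFIG_TESTING_OPTIONS`, so a daemon built without it would presumably answer the prefixed command with an unprefixed `UNKNOWN COMMAND`; the loop discards that reply and waits in `ctrl.recv()` again, and the existing "Did you (re)compile wpa_supplicant?" message is never reached. I would let that reply end the loop, `while not rval.startswith("> ") and "UNKNOWN COMMAND" not in rval:`, and consider a deadline on the wait as well. The `#TODO` comment above the function describes what this change implements and can be removed.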