mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
PMF: Do not start SA Query procedure if there is no association
Previous implementation ended up triggering PMF check for previous association and SA Query procedure incorrectly in cases where there is a STA entry in hostapd, but that STA is not in associated state. This resulted in undesired temporary rejection of the association with status code 30. This ended up breaking OWE group negotiation when PMF is in use since the check for the OWE group would have happened only after this earlier PMF check and rejection (i.e., the station got status code 30 instead of the expected 77). For example, when the AP is configured with OWE group 21 and a station tries groups 19, 20, and 21 (in this sequence), the first two Association Request frames should be rejected with status code 77. However, only the first one got that status code while the second one got status code 30 due to that issue with PMF existing association check. Furthermore, hostapd was continuing with SA Query procedure with unencrypted Action frames in this type of case even though there was no existing association (and obviously, not an encryption key either). Fix this by checking that the STA entry is in associated state before initiating SA Query procedure based on the PMF rules. Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
This commit is contained in:
parent
97e27300f4
commit
edb28006c4
@ -338,10 +338,14 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
||||
goto fail;
|
||||
}
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
|
||||
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP) &&
|
||||
!sta->sa_query_timed_out &&
|
||||
sta->sa_query_count > 0)
|
||||
ap_check_sa_query_timeout(hapd, sta);
|
||||
if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
|
||||
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP) &&
|
||||
!sta->sa_query_timed_out &&
|
||||
(sta->auth_alg != WLAN_AUTH_FT)) {
|
||||
/*
|
||||
* STA has already been associated with MFP and SA
|
||||
|
@ -2585,10 +2585,14 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
||||
if (resp != WLAN_STATUS_SUCCESS)
|
||||
return resp;
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
|
||||
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP) &&
|
||||
!sta->sa_query_timed_out &&
|
||||
sta->sa_query_count > 0)
|
||||
ap_check_sa_query_timeout(hapd, sta);
|
||||
if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
|
||||
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
|
||||
(WLAN_STA_ASSOC | WLAN_STA_MFP) &&
|
||||
!sta->sa_query_timed_out &&
|
||||
(!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
|
||||
/*
|
||||
* STA has already been associated with MFP and SA
|
||||
|
Loading…
Reference in New Issue
Block a user