FragAttacks: Fragmentation & Aggregation Attacks
Go to file
Kevin Lund cff545720e wpa_supplicant: Clear blacklist when SSID configs change
If the stored configurations for an SSID have changed, we can no longer
trust the current blacklist state of that SSID, since the updated
configs could change the behavior of the network. E.g., the BSS could be
blacklisted due to a bad password, and the config could be updated to
store the correct password. In this case, keeping the BSS in the
blacklist will prevent the user from connecting to the BSS after the
correct password has been updated.

Add the value was_changed_recently to the wpa_ssid struct. Update this
value every time a config is changed through wpa_set_config(). Check
this value in wpa_blacklist_get() to clear the blacklist whenever the
configs of current_ssid have changed.

This solution was chosen over simply clearing the blacklist whenever
configs change because the user should be able to change configs on an
inactive SSID without affecting the blacklist for the currently active
SSID. This way, the blacklist won't be cleared until the user attempts
to connect to the inactive network again. Furthermore, the blacklist is
stored per-BSSID while configs are stored per-SSID, so we don't have the
option to just clear out certain blacklist entries that would be
affected by the configs.

Finally, the function wpa_supplicant_reload_configuration() causes the
configs to be reloaded from scratch, so after a call to this function
all bets are off as to the relevance of our current blacklist state.
Thus, we clear the entire blacklist within this function.

Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 18:34:59 +03:00
doc DBus: Add "sae" to interface key_mgmt capabilities 2020-02-29 18:01:23 +02:00
eap_example build: Put object files into build/ folder 2020-10-10 12:51:39 +03:00
hostapd build: Remove hostapd vs. wpa_supplicant build checks 2020-10-10 12:53:38 +03:00
hs20 build: Put object files into build/ folder 2020-10-10 12:51:39 +03:00
radius_example build: Put object files into build/ folder 2020-10-10 12:51:39 +03:00
src build: Allow overriding BUILDDIR from command line 2020-10-10 13:06:53 +03:00
tests tests: Prepare ap_blacklist_all for implementation change 2020-10-10 18:34:59 +03:00
wlantest build: Put object files into build/ folder 2020-10-10 12:51:39 +03:00
wpa_supplicant wpa_supplicant: Clear blacklist when SSID configs change 2020-10-10 18:34:59 +03:00
wpadebug wpadebug: Allow WebView to parse and load clear text (HTTP) 2019-06-20 00:33:43 +03:00
wpaspy wpaspy: Be a bit more careful on detaching the control interface 2020-06-01 22:25:12 +03:00
.gitignore build: Put object files into build/ folder 2020-10-10 12:51:39 +03:00
Android.mk Treat VER_2_1_DEVEL the same as VER_0_8_X 2013-12-14 21:23:39 -08:00
build_release Drop OpenSSL 0.9.8 patches to add EAP-FAST support 2016-01-13 00:17:27 +02:00
CONTRIBUTIONS Update copyright notices for the new year 2019 2019-01-01 23:38:56 +02:00
COPYING Update copyright notices for the new year 2019 2019-01-01 23:38:56 +02:00
README Update copyright notices for the new year 2019 2019-01-01 23:38:56 +02:00

wpa_supplicant and hostapd
--------------------------

Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.

These programs are licensed under the BSD license (the one with
advertisement clause removed).

If you are submitting changes to the project, please see CONTRIBUTIONS
file for more instructions.


This package may include either wpa_supplicant, hostapd, or both. See
README file respective subdirectories (wpa_supplicant/README or
hostapd/README) for more details.

Source code files were moved around in v0.6.x releases and compared to
earlier releases, the programs are now built by first going to a
subdirectory (wpa_supplicant or hostapd) and creating build
configuration (.config) and running 'make' there (for Linux/BSD/cygwin
builds).


License
-------

This software may be distributed, used, and modified under the terms of
BSD license:

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

3. Neither the name(s) of the above-listed copyright holder(s) nor the
   names of its contributors may be used to endorse or promote products
   derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.