fragattacks/src/l2_packet
Jouni Malinen 64845c1f1a l2_packet: Extend bridge workaround RX processing to cover two frames
There was a race condition in how the l2_packet sockets got read that
could result in the same socket (e.g., non-bridge) to process both the
EAP-Success and the immediately following EAPOL-Key msg 1/4 instead of
each frame going in alternative order between the bridge and non-bridge
sockets. This could be hit, e.g., if the wpa_supplicant process did not
have enough CPU to process all the incoming frames without them getting
buffered and both sockets reporting frames simultaneously.

This resulted in the duplicated EAP-Success frame getting delivered
twice for processing and likely also the EAPOL-Key msg 1/4 getting
processed twice. While the latter does not do much harm, the former did
clear the EAP authentication state and could result in issues.

Fix this by extended the l2_packet Linux packet socket workaround for
bridge to check for duplicates against the last two received frames
instead of just the last one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-07 13:30:59 +02:00
..
l2_packet_freebsd.c Work around Linux packet socket regression 2015-01-31 17:21:58 +02:00
l2_packet_linux.c l2_packet: Extend bridge workaround RX processing to cover two frames 2016-01-07 13:30:59 +02:00
l2_packet_ndis.c Work around Linux packet socket regression 2015-01-31 17:21:58 +02:00
l2_packet_none.c Work around Linux packet socket regression 2015-01-31 17:21:58 +02:00
l2_packet_pcap.c Fix wpa_supplicant build with CONFIG_L2_PACKET=pcap 2016-01-01 16:50:24 +02:00
l2_packet_privsep.c Work around Linux packet socket regression 2015-01-31 17:21:58 +02:00
l2_packet_winpcap.c Work around Linux packet socket regression 2015-01-31 17:21:58 +02:00
l2_packet.h Work around Linux packet socket regression 2015-01-31 17:21:58 +02:00
Makefile tests: Add eapol-fuzzer 2015-04-22 11:44:19 +03:00