[v2,3/4] mesh: Fix reception of confirm frame with error status code

Message ID 1417051694-3425-1-git-send-email-masashi.honma@gmail.com
State Superseded

Commit Message

Masashi Honma Nov. 27, 2014, 1:28 a.m. UTC
When sae_check_confirm() failed, confirm frame would be sent without data.
This causes "SAE: Too short confirm message" to opposite STA and this results in
continuous frame exchange on mesh BSS.
---
 src/ap/ieee802_11.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Jouni Malinen Dec. 14, 2014, 10:11 p.m. UTC | #1
On Thu, Nov 27, 2014 at 10:28:14AM +0900, Masashi Honma wrote:
> When sae_check_confirm() failed, confirm frame would be sent without data.
> This causes "SAE: Too short confirm message" to opposite STA and this results in
> continuous frame exchange on mesh BSS.

Checking Status Code itself is fine, but this does not work on big
endian CPU:

> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -716,6 +716,13 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
> +		if (mgmt->u.auth.status_code != WLAN_STATUS_SUCCESS) {
> +			wpa_printf(MSG_ERROR,
> +				   "SAE: Drop Confirm Message with status code=%d",
> +				   mgmt->u.auth.status_code);
> +			return;
> +		}
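
Review bot: The added check reads mgmt->u.auth.status_code straight from the received frame, both in the "!= WLAN_STATUS_SUCCESS" comparison and as the %d argument to wpa_printf(), with no byte-order conversion. The field is little endian in the frame, so on a big-endian host the logged status code comes out byte-swapped. Convert once into a local, for example "u16 status_code = le16_to_cpu(mgmt->u.auth.status_code);", and use that local in both places.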

That mgmt->u.auth.status_code is little endian.

I would have also needed Signed-off-by: line in the commit message to be
able to apply this. Anyway, I'm covering this area with the more generic
change that adds more status code validation steps (and fixes similar
byte order issue in anti-clogging token case on mesh).

Masashi Honma Dec. 15, 2014, 5:56 a.m. UTC | #2
On Dec. 15, 2014, 07:11, Jouni Malinen wrote:

> Checking Status Code itself is fine, but this does not work on big
> endian CPU

Yes. Indeed.

> Anyway, I'm covering this area with the more generic
> change that adds more status code validation steps (and fixes similar
> byte order issue in anti-clogging token case on mesh).

Great! Thank you.

Patch

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 1dbd996..8e04dfa 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -716,6 +716,13 @@  static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 			       HOSTAPD_LEVEL_DEBUG,
 			       "SAE authentication (RX confirm)");
+		if (mgmt->u.auth.status_code != WLAN_STATUS_SUCCESS) {
+			wpa_printf(MSG_ERROR,
+				   "SAE: Drop Confirm Message with status code=%d",
+				   mgmt->u.auth.status_code);
+			return;
+		}
+
 		if (sta->sae->state >= SAE_CONFIRMED ||
 		    !(hapd->conf->mesh & MESH_ENABLED)) {
 			if (sae_check_confirm(sta->sae, mgmt->u.auth.variable,
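
Review bot: wpa_printf(MSG_ERROR, ...) in the added block logs at error level for a frame whose content the peer controls, while the hostapd_logger() call directly above it records the same RX confirm event at HOSTAPD_LEVEL_DEBUG. The commit message describes a continuous frame exchange on the mesh BSS, so each such frame would produce an error-level line; MSG_DEBUG would match the surrounding logging. The early return also sits ahead of the sta->sae->state check, so a short comment saying the drop is intended regardless of SAE state and of whether mesh is enabled would make that explicit.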