Message ID | 1417051694-3425-1-git-send-email-masashi.honma@gmail.com |
---|---|
State | Superseded |
Headers | show |
On Thu, Nov 27, 2014 at 10:28:14AM +0900, Masashi Honma wrote: > When sae_check_confirm() failed, confirm frame would be sent without data. > This causes "SAE: Too short confirm message" to opposite STA and this result in > continuous frame exchange on mesh BSS. Checking Status Code itself is fine, but this does not work on big endian CPU: > diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c > @@ -716,6 +716,13 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, > + if (mgmt->u.auth.status_code != WLAN_STATUS_SUCCESS) { > + wpa_printf(MSG_ERROR, > + "SAE: Drop Confirm Message with status code=%d", > + mgmt->u.auth.status_code); > + return; > + } That mgmt->u.auth.status_code is little endian. I would have also needed Signed-off-by: line in the commit message to be able to apply this. Anyway, I'm covering this area with the more generic change that adds more status code validation steps (and fixes similar byte order issue in anti-clogging token case on mesh).
On 2014年12月15日 07:11, Jouni Malinen wrote: > Checking Status Code itself is fine, but this does not work on big > endian CPU Yes. Indeed. > Anyway, I'm covering this area with the more generic > change that adds more status code validation steps (and fixes similar > byte order issue in anti-clogging token case on mesh). Great! Thank you.
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 1dbd996..8e04dfa 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -716,6 +716,13 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_DEBUG, "SAE authentication (RX confirm)"); + if (mgmt->u.auth.status_code != WLAN_STATUS_SUCCESS) { + wpa_printf(MSG_ERROR, + "SAE: Drop Confirm Message with status code=%d", + mgmt->u.auth.status_code); + return; + } + if (sta->sae->state >= SAE_CONFIRMED || !(hapd->conf->mesh & MESH_ENABLED)) { if (sae_check_confirm(sta->sae, mgmt->u.auth.variable,