From patchwork Wed Mar  2 16:50:26 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eliad Peller <eliad@wizery.com>
X-Patchwork-Id: 591043
Return-Path: 
 <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2001:1868:205::9])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id D81F41402CD
	for <incoming@patchwork.ozlabs.org>;
	Thu,  3 Mar 2016 03:51:16 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=wizery-com.20150623.gappssmtp.com
	header.i=@wizery-com.20150623.gappssmtp.com header.b=vO1J2eJo;
	dkim-atps=neutral
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
	id 1ab9zE-0006Ku-Ru; Wed, 02 Mar 2016 16:50:56 +0000
Received: from mail-wm0-x22f.google.com ([2a00:1450:400c:c09::22f])
	by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
	Linux)) id 1ab9zC-0006DU-Ht
	for hostap@lists.infradead.org; Wed, 02 Mar 2016 16:50:55 +0000
Received: by mail-wm0-x22f.google.com with SMTP id n186so95051196wmn.1
	for <hostap@lists.infradead.org>;
	Wed, 02 Mar 2016 08:50:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=wizery-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:subject:date:message-id;
	bh=3r9b6jbpL1Pu2ZVmrsXntjuZFbKF4ByaYvEDU18y/I4=;
	b=vO1J2eJoRfhdAG5xxvM9gL7qOE4kdxZfHifd1Enf+MFU83hZ5w4xxq/A6C1WjDd4Vi
	idg8jk25TFXUaJaYL6uhl9YRNj+18luNo7Q6yysB9slRkaKOaYaoE5tuIBLXi7J87zX7
	2WWkPjxQ2U3+3NXXZhjkoyj+tTOUBIeMx7YHNkR0g3g003X1BliYYHlwYX7RD7qiq0uC
	RwyLGmld9BrXJhPcnu4n6ctgQtapH72HtXj11OqK3ABWE+SB+l7DiUHfXaR1QccMZjqz
	StqLczO2avS99m0LfdX1ALZ9Kq0VXzzBqgYNFNME0Wi0OtRbtuASoqjq4Oq7nqMqi0aY
	neLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:subject:date:message-id;
	bh=3r9b6jbpL1Pu2ZVmrsXntjuZFbKF4ByaYvEDU18y/I4=;
	b=I54f0Hjehuy6vqZr6B5vzNZtMnn5YQ3t2hk/PYVmXQN6BR4q1XvRce3Gk6Z8XpFtx6
	tV3SRoQSjcN5xKl6yHkKf4jCZBR4WdyN3Tv3miXoMILzLrpftG+S/qyCZRAL8VavCp7I
	3NCYZXMa6SZ8DL0WRFOUGClb2N2x2yrTbEU1TvcR1po4p22MtAZ260q+AiNIeql0g98E
	4XzYeIpypKvmRWh6laQHgCTx0KuspM2jlnexW8K/Hc4CULnwp91M5dSKotzxFy2/YpO5
	d+nHzWZAHRgURugjzn4otMcWMwZgZsd+1G4PL5k8e3n+jMpn1eBDccyhkLgx+JJ9Xuba
	krKQ==
X-Gm-Message-State: 
 AD7BkJLHjWJvW+VRLARl6HqG6gDa3feW6snQLJHYlrw2CCxd8J3LvcXFeSYai5Yjhcud5g==
X-Received: by 10.28.135.4 with SMTP id j4mr955819wmd.80.1456937430824;
	Wed, 02 Mar 2016 08:50:30 -0800 (PST)
Received: from localhost.localdomain (85-250-74-83.bb.netvision.net.il.
	[85.250.74.83]) by smtp.gmail.com with ESMTPSA id
	63sm5034721wms.1.2016.03.02.08.50.29
	for <hostap@lists.infradead.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 02 Mar 2016 08:50:30 -0800 (PST)
From: Eliad Peller <eliad@wizery.com>
To: hostap@lists.infradead.org
Subject: [PATCH] AP: save EAPOL received before assoc resp
Date: Wed,  2 Mar 2016 18:50:26 +0200
Message-Id: <1456937426-8128-1-git-send-email-eliad@wizery.com>
X-Mailer: git-send-email 2.6.3
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20160302_085054_782932_EF6898D1 
X-CRM114-Status: GOOD (  11.02  )
X-Spam-Score: -2.6 (--)
X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary:
	Content analysis details:   (-2.6 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
	low
	trust [2a00:1450:400c:c09:0:0:0:22f listed in] [list.dnswl.org]
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=subscribe>
MIME-Version: 1.0
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

There is a race condition in which wpa_supplicant might
receive the EAPOL-Start frame (from the just-associated
station) before the tx completion of the assoc response.

This in turn will cause the EAPOL-Start frame to get
dropped, and potentially failing the connection.

Solve this by saving EAPOLs from authenticated-but-not-
associated stations, and handling them during the assoc
response tx completion processing.

Signed-off-by: Eliad Peller <eliad@wizery.com>
---
 src/ap/ieee802_11.c | 19 +++++++++++++++++++
 src/ap/ieee802_1x.c | 15 +++++++++++++++
 src/ap/sta_info.h   |  4 ++++
 3 files changed, 38 insertions(+)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index b36e68d..d221825 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2782,6 +2782,25 @@ static void handle_assoc_cb(struct hostapd_data *hapd,
 		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
 	hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
+
+	if (sta->pending_eapol_rx) {
+		struct os_reltime now, age;
+		os_get_reltime(&now);
+		os_reltime_sub(&now, &sta->pending_eapol_rx_time, &age);
+		if (age.sec == 0 && age.usec < 200000 &&
+		    os_memcmp(sta->pending_eapol_rx_src,
+			      mgmt->da, ETH_ALEN) == 0) {
+			wpa_printf(MSG_DEBUG, "Process pending EAPOL "
+				   "frame that was received just before "
+				   "association notification");
+			ieee802_1x_receive(
+				hapd, sta->pending_eapol_rx_src,
+				wpabuf_head(sta->pending_eapol_rx),
+				wpabuf_len(sta->pending_eapol_rx));
+		}
+		wpabuf_free(sta->pending_eapol_rx);
+		sta->pending_eapol_rx = NULL;
+	}
 }
 
 
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index c774d5c..e34d0d3 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -891,6 +891,18 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
 		     !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED))) {
 		wpa_printf(MSG_DEBUG, "IEEE 802.1X data frame from not "
 			   "associated/Pre-authenticating STA");
+
+		if (sta && (sta->flags & WLAN_STA_AUTH)) {
+			wpa_printf(MSG_DEBUG, "Saving EAPOL for later use");
+			wpabuf_free(sta->pending_eapol_rx);
+			sta->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
+			if (sta->pending_eapol_rx) {
+				os_get_reltime(&sta->pending_eapol_rx_time);
+				os_memcpy(sta->pending_eapol_rx_src, sa,
+					  ETH_ALEN);
+			}
+		}
+
 		return;
 	}
 
@@ -1183,6 +1195,9 @@ void ieee802_1x_free_station(struct hostapd_data *hapd, struct sta_info *sta)
 	eloop_cancel_timeout(ieee802_1x_wnm_notif_send, hapd, sta);
 #endif /* CONFIG_HS20 */
 
+	wpabuf_free(sta->pending_eapol_rx);
+	sta->pending_eapol_rx = NULL;
+
 	if (sm == NULL)
 		return;
 
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index e223341..ecba920 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -113,6 +113,10 @@ struct sta_info {
 	/* IEEE 802.1X related data */
 	struct eapol_state_machine *eapol_sm;
 
+	struct wpabuf *pending_eapol_rx;
+	struct os_reltime pending_eapol_rx_time;
+	u8 pending_eapol_rx_src[ETH_ALEN];
+
 	u64 acct_session_id;
 	struct os_reltime acct_session_start;
 	int acct_session_started;