From: Andrei Otcheretianski
To: hostap@lists.infradead.org
Subject: [PATCH 1/2] WPA: Ignore RSNX element in WPA connection
Date: Thu, 21 Jan 2021 17:40:33 +0200
Message-Id: <20210121154037.32654-2-andrei.otcheretianski@intel.com>

When an AP publishes both RSN, RSNX and WPA IE, it incorrectly removes
the RSN IE in the EAPOL 3/4 message if the STA associates with WPA,
leaving only RSNXE instead of WPA IE. WPA STA fails to connect to such
AP as the WPA IE is missing. Since RSNX is not really needed in non RSN
connection, just remove it. In addition, make sure that the non RSN STA
doesn't store and validate RSNX element which would be "missing" now in
EAPOL 3/4 message.

Signed-off-by: Andrei Otcheretianski
---
 src/ap/wpa_auth.c  | 4 ++++
 src/rsn_supp/wpa.c | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 82a97468d6..6e0d7097c9 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -3353,6 +3353,8 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING) wpa_ie_len > wpa_ie[1] + 2U && wpa_ie[0] == WLAN_EID_RSN) { /* WPA-only STA, remove RSN IE and possible MDIE */ wpa_ie = wpa_ie + wpa_ie[1] + 2; + if (wpa_ie[0] == WLAN_EID_RSNX) + wpa_ie = wpa_ie + wpa_ie[1] + 2; if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN) wpa_ie = wpa_ie + wpa_ie[1] + 2; wpa_ie_len = wpa_ie[1] + 2; @@ -5355,6 +5357,8 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm, wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) { /* WPA-only STA, remove RSN IE and possible MDIE */ wpa_ie = wpa_ie + wpa_ie[1] + 2; + if (wpa_ie[0] == WLAN_EID_RSNX) + wpa_ie = wpa_ie + wpa_ie[1] + 2; if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN) wpa_ie = wpa_ie + wpa_ie[1] + 2; wpa_ie_len = wpa_ie[1] + 2; diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index e07527ba57..cb7de585f4 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -3701,13 +3701,15 @@ int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len) if (!sm) return -1; - os_free(sm->ap_rsnxe); if (!ie || len == 0) { wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: clearing AP RSNXE"); + os_free(sm->ap_rsnxe); sm->ap_rsnxe = NULL; sm->ap_rsnxe_len = 0; - } else { + } else if (sm->proto == WPA_PROTO_RSN) { + /* Store RSNXE for RSN connections only */ wpa_hexdump(MSG_DEBUG, "WPA: set AP RSNXE", ie, len); + os_free(sm->ap_rsnxe); sm->ap_rsnxe = os_memdup(ie, len); if (!sm->ap_rsnxe) return -1;
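
Review bot: In the first src/ap/wpa_auth.c hunk (SM_STATE(WPA_PTK, PTKINITNEGOTIATING)), the added RSNX skip advances wpa_ie with no check against the remaining length. The visible guard, wpa_ie_len > wpa_ie[1] + 2U, only guarantees that bytes exist past the RSN element; after the new "wpa_ie = wpa_ie + wpa_ie[1] + 2" nothing confirms that another element header still lies inside the buffer before wpa_ie[0] and wpa_ie[1] are read for the MDIE test and for wpa_ie_len. Suggest tracking the bytes left while walking the elements and stopping when fewer than two remain or an element length overruns them. The comment above the skip still reads "remove RSN IE and possible MDIE" and should mention RSNXE.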
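
Review bot: In the second src/ap/wpa_auth.c hunk (wpa_auth_resend_m3), the two added lines are a copy of the ones added in PTKINITNEGOTIATING, so the element-skipping sequence now exists twice and has to be kept in sync by hand; the two copies already differ in the guard (wpa_ie[1] + 2 here, wpa_ie[1] + 2U there). Suggest moving the RSN/RSNX/MDIE skip into one static helper that both callers use, and putting the length checks in that helper.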
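
Review bot: In the src/rsn_supp/wpa.c hunk (wpa_sm_set_ap_rsnxe), moving os_free(sm->ap_rsnxe) into the two branches means that a call with a non-empty ie while sm->proto is not WPA_PROTO_RSN now matches neither branch, so a previously stored sm->ap_rsnxe and sm->ap_rsnxe_len stay in place. If such a call can follow an earlier RSN association, a stale RSNXE remains available for later validation. Suggest folding the non-RSN case into the clearing branch, for example "if (!ie || len == 0 || sm->proto != WPA_PROTO_RSN)", and adding a debug line there so an ignored RSNXE is visible in the logs.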