Message ID | 20120122102612.GB5805@w1.fi |
---|---|
State | Accepted |
Hi,

On Sun, Jan 22, 2012 at 11:26 AM, Jouni Malinen <j@w1.fi> wrote:
> It looks like we need to do that taking into account that this issue has
> apparently been reported with a number of deployed devices. I would have
> preferred not doing this, but well, since lack of the validation should
> not open security issues, I committed the following change as a
> workaround for interoperability issues. Could you please confirm that it
> resolves the issue with the station device you tested with?

I've just tested your patch with the affected device, works like a charm! Thanks.

Felix, you might want to add Jouni's patch to the openwrt tree?

Helmut

> commit 74590e710f65134522b9a654609ac38d0ce54852
> Author: Jouni Malinen <j@w1.fi>
> Date: Sun Jan 22 12:23:28 2012 +0200
>
> Work around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode
>
> Some deployed station implementations seem to send msg 4/4 with
> incorrect type value in WPA2 mode. Add a workaround to ignore that issue
> so that such stations can interoperate with hostapd authenticator. The
> validation checks were added in commit
> f8e96eb6fd960a017793942cff0eb43b09f444c6.
>
> Signed-hostap: Jouni Malinen <j@w1.fi>
>
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c > index 9da5609..c4d77bf 100644 > --- a/src/ap/wpa_auth.c > +++ b/src/ap/wpa_auth.c 
> @@ -795,7 +795,14 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, > } > > if (sm->wpa == WPA_VERSION_WPA2) { > - if (key->type != EAPOL_KEY_TYPE_RSN) { > + if (key->type == EAPOL_KEY_TYPE_WPA) { > + /* > + * Some deployed station implementations seem to send > + * msg 4/4 with incorrect type value in WPA2 mode. > + */ > + wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key " > + "with unexpected WPA type in RSN mode"); > + } else if (key->type != EAPOL_KEY_TYPE_RSN) { > wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " > "unexpected type %d in RSN mode", > key->type); > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP@lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 9da5609..c4d77bf 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -795,7 +795,14 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, } if (sm->wpa == WPA_VERSION_WPA2) { - if (key->type != EAPOL_KEY_TYPE_RSN) { + if (key->type == EAPOL_KEY_TYPE_WPA) { + /* + * Some deployed station implementations seem to send + * msg 4/4 with incorrect type value in WPA2 mode. + */ + wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key " + "with unexpected WPA type in RSN mode"); + } else if (key->type != EAPOL_KEY_TYPE_RSN) { wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " "unexpected type %d in RSN mode", key->type);
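Review bot: The new key->type == EAPOL_KEY_TYPE_WPA branch inside the sm->wpa == WPA_VERSION_WPA2 block accepts the WPA type for every EAPOL-Key frame that reaches this check, while the comment and the commit message describe the problem only for msg 4/4. If the message number can be determined at this point in wpa_receive(), consider limiting the exception to msg 4/4 so that the other handshake messages keep the strict EAPOL_KEY_TYPE_RSN check; if it cannot, the comment should say that the relaxation applies to all EAPOL-Key messages in RSN mode. The workaround is also reported only at MSG_DEBUG and without the received type or any station identifier, so it is hard to tell from logs how often, and for which stations, the relaxed path is taken.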