Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Jul 2018 17:49:39 +0000 (UTC)
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r336496 - vendor/wpa/dist/src/rsn_supp
Message-ID:  <201807191749.w6JHndcv062228@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: cy
Date: Thu Jul 19 17:49:39 2018
New Revision: 336496
URL: https://svnweb.freebsd.org/changeset/base/336496

Log:
  Import upline security patch: FILS: Do not allow multiple
  (Re)Association Response frames. This is also upline git commit
  e760851176c77ae6de19821bb1d5bf3ae2cb5187.
  
  Obtained from:	https://w1.fi/security/2017-1/\
  		rebased-v2.6-0008-FT-Do-not-allow-multiple-\
  		Reassociation-Response-fram.patch

Modified:
  vendor/wpa/dist/src/rsn_supp/wpa.c
  vendor/wpa/dist/src/rsn_supp/wpa_ft.c
  vendor/wpa/dist/src/rsn_supp/wpa_i.h

Modified: vendor/wpa/dist/src/rsn_supp/wpa.c
==============================================================================
--- vendor/wpa/dist/src/rsn_supp/wpa.c	Thu Jul 19 17:46:33 2018	(r336495)
+++ vendor/wpa/dist/src/rsn_supp/wpa.c	Thu Jul 19 17:49:39 2018	(r336496)
@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
 #ifdef CONFIG_TDLS
 	wpa_tdls_disassoc(sm);
 #endif /* CONFIG_TDLS */
+#ifdef CONFIG_IEEE80211R
+	sm->ft_reassoc_completed = 0;
+#endif /* CONFIG_IEEE80211R */
 
 	/* Keys are not needed in the WPA state machine anymore */
 	wpa_sm_drop_sa(sm);

Modified: vendor/wpa/dist/src/rsn_supp/wpa_ft.c
==============================================================================
--- vendor/wpa/dist/src/rsn_supp/wpa_ft.c	Thu Jul 19 17:46:33 2018	(r336495)
+++ vendor/wpa/dist/src/rsn_supp/wpa_ft.c	Thu Jul 19 17:49:39 2018	(r336496)
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size
 	u16 capab;
 
 	sm->ft_completed = 0;
+	sm->ft_reassoc_completed = 0;
 
 	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
 		2 + sm->r0kh_id_len + ric_ies_len + 100;
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, co
 		return -1;
 	}
 
+	if (sm->ft_reassoc_completed) {
+		wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
+		return 0;
+	}
+
 	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
 		wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
 		return -1;
@@ -780,6 +786,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, co
 		wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16);
 		return -1;
 	}
+
+	sm->ft_reassoc_completed = 1;
 
 	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
 		return -1;

Modified: vendor/wpa/dist/src/rsn_supp/wpa_i.h
==============================================================================
--- vendor/wpa/dist/src/rsn_supp/wpa_i.h	Thu Jul 19 17:46:33 2018	(r336495)
+++ vendor/wpa/dist/src/rsn_supp/wpa_i.h	Thu Jul 19 17:49:39 2018	(r336496)
@@ -128,6 +128,7 @@ struct wpa_sm {
 	size_t r0kh_id_len;
 	u8 r1kh_id[FT_R1KH_ID_LEN];
 	int ft_completed;
+	int ft_reassoc_completed;
 	int over_the_ds_in_progress;
 	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
 	int set_ptk_after_assoc;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807191749.w6JHndcv062228>