hostapd: Update to 2.7

[people/pmueller/ipfire-2.x.git] / src / patches / wpa_supplicant / 0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch

diff --git a/src/patches/wpa_supplicant/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/src/patches/wpa_supplicant/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
deleted file mode 100644 (file)
index e5c56b8..0000000
--- a/src/patches/wpa_supplicant/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From dc55ea1e483125145459ae1e55be3b95e6263302 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c    | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h  | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index cf9bf1c..ed467e6 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2637,6 +2637,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_FILS
-       sm->fils_completed = 0;
- #endif /* CONFIG_FILS */
-+#ifdef CONFIG_IEEE80211R
-+      sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
- 
-       /* Keys are not needed in the WPA state machine anymore */
-       wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index aeb7aff..1ff7afe 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
-       u16 capab;
- 
-       sm->ft_completed = 0;
-+      sm->ft_reassoc_completed = 0;
- 
-       buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-               2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -687,6 +688,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
-               return -1;
-       }
- 
-+      if (sm->ft_reassoc_completed) {
-+              wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+              return 0;
-+      }
-+
-       if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
-               wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
-               return -1;
-@@ -787,6 +793,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
-               return -1;
-       }
- 
-+      sm->ft_reassoc_completed = 1;
-+
-       if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
-               return -1;
- 
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 3b42245..148c654 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
-       size_t r0kh_id_len;
-       u8 r1kh_id[FT_R1KH_ID_LEN];
-       int ft_completed;
-+      int ft_reassoc_completed;
-       int over_the_ds_in_progress;
-       u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
-       int set_ptk_after_assoc;
--- 
-2.7.4
-