From: Markus Theil Date: Sat, 11 Apr 2020 10:25:18 +0000 (+0200) Subject: nl80211: Check ethertype for control port RX X-Git-Tag: hostap_2_10~1440 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f70fcd986de35a13808a8f87bc1f7b2ba0765e4;p=thirdparty%2Fhostap.git nl80211: Check ethertype for control port RX nl80211 control port event handling previously did not differentiate between EAPOL and RSN preauth ethertypes. Add checking of the ethertype and report unexpected frames (only EAPOL frames are supposed to be delivered through this path). Signed-off-by: Markus Theil --- diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index d4ca2eb29..6c4fd68c9 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -2505,12 +2505,34 @@ static void nl80211_sta_opmode_change_event(struct wpa_driver_nl80211_data *drv, static void nl80211_control_port_frame(struct wpa_driver_nl80211_data *drv, struct nlattr **tb) { - if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_FRAME]) + u8 *src_addr; + u16 ethertype; + + if (!tb[NL80211_ATTR_MAC] || + !tb[NL80211_ATTR_FRAME] || + !tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) return; - drv_event_eapol_rx(drv->ctx, nla_data(tb[NL80211_ATTR_MAC]), - nla_data(tb[NL80211_ATTR_FRAME]), - nla_len(tb[NL80211_ATTR_FRAME])); + src_addr = nla_data(tb[NL80211_ATTR_MAC]); + ethertype = nla_get_u16(tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); + + switch (ethertype) { + case ETH_P_RSN_PREAUTH: + wpa_printf(MSG_INFO, "nl80211: Got pre-auth frame from " + MACSTR " over control port unexpectedly", + MAC2STR(src_addr)); + break; + case ETH_P_PAE: + drv_event_eapol_rx(drv->ctx, src_addr, + nla_data(tb[NL80211_ATTR_FRAME]), + nla_len(tb[NL80211_ATTR_FRAME])); + break; + default: + wpa_printf(MSG_INFO, "nl80211: Unxpected ethertype 0x%04x from " + MACSTR " over control port", + ethertype, MAC2STR(src_addr)); + break; + } }