FT: Discard ReassocReq with mismatching RSNXE Used value

Discard the FT Reassociation Request frame instead of rejecting it
(i.e., do not send Reassociation Response frame) if RSNXE Used is
indicated in FTE, but no RSNXE is included even though the AP is
advertising RSNXE.

While there is not really much of a difference between discarding and
rejecting the frame, this discarding behavior is what the standard says
for this type of an error case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 559bb87c213e726cddcb3ecd9432ab196292ba42..524a15132b8ad9a10a530f48b9c6403dd0788ccf 100644 (file)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -117,7 +117,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
        u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
        u8 *p = buf;
        u16 reason = WLAN_REASON_UNSPECIFIED;
-       u16 status = WLAN_STATUS_SUCCESS;
+       int status = WLAN_STATUS_SUCCESS;
        const u8 *p2p_dev_addr = NULL;
 
        if (addr == NULL) {
@@ -606,17 +606,19 @@ skip_wpa_check:
            wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
            elems.owe_dh) {
                u8 *npos;
+               u16 ret_status;
 
                npos = owe_assoc_req_process(hapd, sta,
                                             elems.owe_dh, elems.owe_dh_len,
                                             p, sizeof(buf) - (p - buf),
-                                            &status);
+                                            &ret_status);
+               status = ret_status;
                if (npos)
                        p = npos;
 
                if (!npos &&
                    status == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
-                       hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
+                       hostapd_sta_assoc(hapd, addr, reassoc, ret_status, buf,
                                          p - buf);
                        return 0;
                }
@@ -709,7 +711,8 @@ skip_wpa_check:
 
 fail:
 #ifdef CONFIG_IEEE80211R_AP
-       hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
+       if (status >= 0)
+               hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
 #endif /* CONFIG_IEEE80211R_AP */
        hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
        ap_free_sta(hapd, sta);

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 2a5f6e5ec7a235b426bf1753f0d06a4377a9f44d..28ac7aa4b283ea072b662ed84473b8531dd7092d 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3104,11 +3104,11 @@ end:
 #endif /* CONFIG_OWE */
 
 
-static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
+static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
                           const u8 *ies, size_t ies_len, int reassoc)
 {
        struct ieee802_11_elems elems;
-       u16 resp;
+       int resp;
        const u8 *wpa_ie;
        size_t wpa_ie_len;
        const u8 *p2p_dev_addr = NULL;
@@ -4075,7 +4075,8 @@ static void handle_assoc(struct hostapd_data *hapd,
                         int reassoc, int rssi)
 {
        u16 capab_info, listen_interval, seq_ctrl, fc;
-       u16 resp = WLAN_STATUS_SUCCESS, reply_res;
+       int resp = WLAN_STATUS_SUCCESS;
+       u16 reply_res;
        const u8 *pos;
        int left, i;
        struct sta_info *sta;
@@ -4449,8 +4450,9 @@ static void handle_assoc(struct hostapd_data *hapd,
        }
 #endif /* CONFIG_FILS */
 
-       reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
-                                   left, rssi, omit_rsnxe);
+       if (resp >= 0)
+               reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc,
+                                           pos, left, rssi, omit_rsnxe);
        os_free(tmp);
 
        /*

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index fafabe9c5395960deae8d105fa9d5013306c5f9f..c122211947c2b4ba933c96caa09c3d95b2400b1b 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -441,7 +441,7 @@ void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
                                    u16 auth_transaction, u16 resp,
                                    const u8 *ies, size_t ies_len),
                         void *ctx);
-u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
+int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
                            size_t ies_len);
 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 4ca18ab6bcf91c62895fd033bc66334d63dc7f27..30e801a3ac763b2d954eb3a1c1428ad3c82d7da8 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -3247,7 +3247,7 @@ void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
 }
 
 
-u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
+int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
                            size_t ies_len)
 {
        struct wpa_ft_ies parse;
@@ -3445,7 +3445,7 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
            !parse.rsnxe) {
                wpa_printf(MSG_INFO,
                           "FT: FTE indicated that STA uses RSNXE, but RSNXE was not included");
-               return WLAN_STATUS_UNSPECIFIED_FAILURE;
+               return -1; /* discard request */
        }
 
 #ifdef CONFIG_OCV