From: Jouni Malinen <j@w1.fi>
Date: Wed, 11 Sep 2019 13:01:57 +0000 (+0300)
Subject: More consistent SA check for unexpected Data frames
X-Git-Tag: hostap_2_10~2361
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3394def5a82008cf056182e54e037e19129afee5;p=thirdparty%2Fhostap.git

More consistent SA check for unexpected Data frames

Use the same rules for dropping driver notifications for Data frames
from unassociated stations as were added for Management frame reception.
This results in more consistent behavior in sending out Deauthentication
frames with Reason Code 6/7.

This case was already checking for unexpected multicast addresses, so
there was no issue for the PMF protections for unexpected disconnection.
Anyway, better avoid unnecessary Deauthentication frames consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 2c43ab1ab..2ef490b8b 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -5248,8 +5248,10 @@ void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
 
 	wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
 		   MACSTR, MAC2STR(src));
-	if (is_multicast_ether_addr(src)) {
-		/* Broadcast bit set in SA?! Ignore the frame silently. */
+	if (is_multicast_ether_addr(src) || is_zero_ether_addr(src) ||
+	    os_memcmp(src, hapd->own_addr, ETH_ALEN) == 0) {
+		/* Broadcast bit set in SA or unexpected SA?! Ignore the frame
+		 * silently. */
 		return;
 	}