From 8477fa7eb81aa110e5f5e53916372e4a2346dca0 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 28 Oct 2023 11:31:42 +0300 Subject: [PATCH] Check the need for SA Query earlier in association processing The way these checks were done for WPS enabled APs were unnecessarily complex and missed one of the cases. Simplify this by doing the check only once and do that earlier in the process to minimize changes to STA state. Fixes: a7f55f7f68f1 ("WPS: Enable SA Query checks for WPS AP") Signed-off-by: Jouni Malinen --- src/ap/drv_callbacks.c | 29 ++++++++--------------------- src/ap/ieee802_11.c | 10 +++++----- 2 files changed, 13 insertions(+), 26 deletions(-) diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index ff826dd67..40a1ceab1 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -341,6 +341,14 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, } } + if (hapd->conf->wpa && check_sa_query_need(hapd, sta)) { + status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; + p = hostapd_eid_assoc_comeback_time(hapd, sta, p); + hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf); + + return 0; + } + #ifdef CONFIG_IEEE80211BE if (link_addr) { struct mld_info *info = &sta->mld_info; @@ -473,17 +481,6 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, os_memcmp(ie + 2, "\x00\x50\xf2\x04", 4) == 0) { struct wpabuf *wps; - if (check_sa_query_need(hapd, sta)) { - status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; - - p = hostapd_eid_assoc_comeback_time(hapd, sta, - p); - - hostapd_sta_assoc(hapd, addr, reassoc, status, - buf, p - buf); - return 0; - } - sta->flags |= WLAN_STA_WPS; wps = ieee802_11_vendor_ie_concat(ie, ielen, WPS_IE_VENDOR_TYPE); @@ -499,16 +496,6 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, } #endif /* CONFIG_WPS */ - if (check_sa_query_need(hapd, sta)) { - status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; - - p = hostapd_eid_assoc_comeback_time(hapd, sta, p); - - hostapd_sta_assoc(hapd, addr, reassoc, status, buf, - p - buf); - return 0; - } - if (sta->wpa_sm == NULL) sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr, diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index a9b3e8c60..4ec410df6 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -3958,8 +3958,6 @@ static int __check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, if (hapd->conf->wps_state && elems->wps_ie && ies && ies_len) { wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " "Request - assume WPS is used"); - if (check_sa_query(hapd, sta, reassoc)) - return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; sta->flags |= WLAN_STA_WPS; wpabuf_free(sta->wps_ie); sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, @@ -3991,9 +3989,6 @@ static int __check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, if (hapd->conf->wpa && wpa_ie) { enum wpa_validate_result res; - if (check_sa_query(hapd, sta, reassoc)) - return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; - wpa_ie -= 2; wpa_ie_len += 2; @@ -5344,6 +5339,11 @@ static void handle_assoc(struct hostapd_data *hapd, } #endif /* CONFIG_MBO */ + if (hapd->conf->wpa && check_sa_query(hapd, sta, reassoc)) { + resp = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; + goto fail; + } + /* * sta->capability is used in check_assoc_ies() for RRM enabled * capability element. -- 2.47.3