CVS commit: src/external/bsd/wpa/dist/src/ap

Thu, 12 Sep 2019 16:47:03 -0700 

Module Name:    src
Committed By:   christos
Date:           Thu Sep 12 23:46:11 UTC 2019

Modified Files:
        src/external/bsd/wpa/dist/src/ap: drv_callbacks.c ieee802_11.c

Log Message:
[PATCH] AP: Silently ignore management frame from unexpected source address

Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.

In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.

Signed-off-by: Jouni Malinen <j...@w1.fi>


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/wpa/dist/src/ap/drv_callbacks.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/src/ap/ieee802_11.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/external/bsd/wpa/dist/src/ap/drv_callbacks.c
diff -u src/external/bsd/wpa/dist/src/ap/drv_callbacks.c:1.4 src/external/bsd/wpa/dist/src/ap/drv_callbacks.c:1.5
--- src/external/bsd/wpa/dist/src/ap/drv_callbacks.c:1.4	Fri Jan  4 16:22:20 2019
+++ src/external/bsd/wpa/dist/src/ap/drv_callbacks.c	Thu Sep 12 19:46:11 2019
@@ -129,6 +129,19 @@ int hostapd_notif_assoc(struct hostapd_d
 			   "hostapd_notif_assoc: Skip event with no address");
 		return -1;
 	}
+
+	if (is_multicast_ether_addr(addr) ||
+	    is_zero_ether_addr(addr) ||
+	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+		/* Do not process any frames with unexpected/invalid SA so that
+		 * we do not add any state for unexpected STA addresses or end
+		 * up sending out frames to unexpected destination. */
+		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+			   " in received indication - ignore this indication silently",
+			   __func__, MAC2STR(addr));
+		return 0;
+	}
+
 	random_add_randomness(addr, ETH_ALEN);
 
 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,

Index: src/external/bsd/wpa/dist/src/ap/ieee802_11.c
diff -u src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.3 src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.4
--- src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.3	Fri Jan  4 16:22:20 2019
+++ src/external/bsd/wpa/dist/src/ap/ieee802_11.c	Thu Sep 12 19:46:11 2019
@@ -3978,6 +3978,18 @@ int ieee802_11_mgmt(struct hostapd_data 
 	fc = le_to_host16(mgmt->frame_control);
 	stype = WLAN_FC_GET_STYPE(fc);
 
+	if (is_multicast_ether_addr(mgmt->sa) ||
+	    is_zero_ether_addr(mgmt->sa) ||
+	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+		/* Do not process any frames with unexpected/invalid SA so that
+		 * we do not add any state for unexpected STA addresses or end
+		 * up sending out frames to unexpected destination. */
+		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+			   " in received frame - ignore this frame silently",
+			   MAC2STR(mgmt->sa));
+		return 0;
+	}
+
 	if (stype == WLAN_FC_STYPE_BEACON) {
 		handle_beacon(hapd, mgmt, len, fi);
 		return 1;

Reply via email to