[src/trunk]: src/external/bsd/wpa/dist/src/ap [PATCH] AP: Silently ignore man...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/external/bsd/wpa/dist/src/ap [PATCH] AP: Silently ignore man...
From: christos <christos%NetBSD.org@localhost>
Date: Sat, 19 Oct 2019 21:06:45 +0000

details:   https://anonhg.NetBSD.org/src/rev/500e74d8036b
branches:  trunk
changeset: 459464:500e74d8036b
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Sep 12 23:46:11 2019 +0000

description:
[PATCH] AP: Silently ignore management frame from unexpected source address

Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.

In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.

Signed-off-by: Jouni Malinen <j%w1.fi@localhost>

diffstat:

 external/bsd/wpa/dist/src/ap/drv_callbacks.c |  13 +++++++++++++
 external/bsd/wpa/dist/src/ap/ieee802_11.c    |  12 ++++++++++++
 2 files changed, 25 insertions(+), 0 deletions(-)

diffs (45 lines):

diff -r ff0a83772d43 -r 500e74d8036b external/bsd/wpa/dist/src/ap/drv_callbacks.c
--- a/external/bsd/wpa/dist/src/ap/drv_callbacks.c      Thu Sep 12 21:56:55 2019 +0000
+++ b/external/bsd/wpa/dist/src/ap/drv_callbacks.c      Thu Sep 12 23:46:11 2019 +0000
@@ -129,6 +129,19 @@
                           "hostapd_notif_assoc: Skip event with no address");
                return -1;
        }
+
+       if (is_multicast_ether_addr(addr) ||
+           is_zero_ether_addr(addr) ||
+           os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+               /* Do not process any frames with unexpected/invalid SA so that
+                * we do not add any state for unexpected STA addresses or end
+                * up sending out frames to unexpected destination. */
+               wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+                          " in received indication - ignore this indication silently",
+                          __func__, MAC2STR(addr));
+               return 0;
+       }
+
        random_add_randomness(addr, ETH_ALEN);
 
        hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff -r ff0a83772d43 -r 500e74d8036b external/bsd/wpa/dist/src/ap/ieee802_11.c
--- a/external/bsd/wpa/dist/src/ap/ieee802_11.c Thu Sep 12 21:56:55 2019 +0000
+++ b/external/bsd/wpa/dist/src/ap/ieee802_11.c Thu Sep 12 23:46:11 2019 +0000
@@ -3978,6 +3978,18 @@
        fc = le_to_host16(mgmt->frame_control);
        stype = WLAN_FC_GET_STYPE(fc);
 
+       if (is_multicast_ether_addr(mgmt->sa) ||
+           is_zero_ether_addr(mgmt->sa) ||
+           os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+               /* Do not process any frames with unexpected/invalid SA so that
+                * we do not add any state for unexpected STA addresses or end
+                * up sending out frames to unexpected destination. */
+               wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+                          " in received frame - ignore this frame silently",
+                          MAC2STR(mgmt->sa));
+               return 0;
+       }
+
        if (stype == WLAN_FC_STYPE_BEACON) {
                handle_beacon(hapd, mgmt, len, fi);
                return 1;

Prev by Date: [src/trunk]: src/usr.sbin/postinstall exclude_libs - redirect ls 2> /dev/null...
Next by Date: [src/trunk]: src/sys/kern Accept root device specification as NAME=label
Previous by Thread: [src/trunk]: src/usr.sbin/postinstall exclude_libs - redirect ls 2> /dev/null...
Next by Thread: [src/trunk]: src/sys/kern Accept root device specification as NAME=label
Indexes:

Home | Main Index | Thread Index | Old Index