|
 |
651fae |
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
|
|
|
651fae |
From: Jouni Malinen <j@w1.fi>
|
|
|
651fae |
Date: Thu, 29 Aug 2019 11:52:04 +0300
|
|
|
651fae |
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
|
|
|
651fae |
address
|
|
|
651fae |
|
|
|
651fae |
Do not process any received Management frames with unexpected/invalid SA
|
|
|
651fae |
so that we do not add any state for unexpected STA addresses or end up
|
|
|
651fae |
sending out frames to unexpected destination. This prevents unexpected
|
|
|
651fae |
sequences where an unprotected frame might end up causing the AP to send
|
|
|
651fae |
out a response to another device and that other device processing the
|
|
|
651fae |
unexpected response.
|
|
|
651fae |
|
|
|
651fae |
In particular, this prevents some potential denial of service cases
|
|
|
651fae |
where the unexpected response frame from the AP might result in a
|
|
|
651fae |
connected station dropping its association.
|
|
|
651fae |
|
|
|
651fae |
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
|
651fae |
---
|
|
|
651fae |
src/ap/drv_callbacks.c | 13 +++++++++++++
|
|
|
651fae |
src/ap/ieee802_11.c | 12 ++++++++++++
|
|
|
651fae |
2 files changed, 25 insertions(+)
|
|
|
651fae |
|
|
|
651fae |
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
|
|
|
651fae |
index 31587685fe3b..34ca379edc3d 100644
|
|
|
651fae |
--- a/src/ap/drv_callbacks.c
|
|
|
651fae |
+++ b/src/ap/drv_callbacks.c
|
|
|
651fae |
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
|
|
651fae |
"hostapd_notif_assoc: Skip event with no address");
|
|
|
651fae |
return -1;
|
|
|
651fae |
}
|
|
|
651fae |
+
|
|
|
651fae |
+ if (is_multicast_ether_addr(addr) ||
|
|
|
651fae |
+ is_zero_ether_addr(addr) ||
|
|
|
651fae |
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
|
|
|
651fae |
+ /* Do not process any frames with unexpected/invalid SA so that
|
|
|
651fae |
+ * we do not add any state for unexpected STA addresses or end
|
|
|
651fae |
+ * up sending out frames to unexpected destination. */
|
|
|
651fae |
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
|
|
|
651fae |
+ " in received indication - ignore this indication silently",
|
|
|
651fae |
+ __func__, MAC2STR(addr));
|
|
|
651fae |
+ return 0;
|
|
|
651fae |
+ }
|
|
|
651fae |
+
|
|
|
651fae |
random_add_randomness(addr, ETH_ALEN);
|
|
|
651fae |
|
|
|
651fae |
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
651fae |
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
|
|
|
651fae |
index c85a28db44b7..e7065372e158 100644
|
|
|
651fae |
--- a/src/ap/ieee802_11.c
|
|
|
651fae |
+++ b/src/ap/ieee802_11.c
|
|
|
651fae |
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
|
|
651fae |
fc = le_to_host16(mgmt->frame_control);
|
|
|
651fae |
stype = WLAN_FC_GET_STYPE(fc);
|
|
|
651fae |
|
|
|
651fae |
+ if (is_multicast_ether_addr(mgmt->sa) ||
|
|
|
651fae |
+ is_zero_ether_addr(mgmt->sa) ||
|
|
|
651fae |
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
|
|
|
651fae |
+ /* Do not process any frames with unexpected/invalid SA so that
|
|
|
651fae |
+ * we do not add any state for unexpected STA addresses or end
|
|
|
651fae |
+ * up sending out frames to unexpected destination. */
|
|
|
651fae |
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
|
|
|
651fae |
+ " in received frame - ignore this frame silently",
|
|
|
651fae |
+ MAC2STR(mgmt->sa));
|
|
|
651fae |
+ return 0;
|
|
|
651fae |
+ }
|
|
|
651fae |
+
|
|
|
651fae |
if (stype == WLAN_FC_STYPE_BEACON) {
|
|
|
651fae |
handle_beacon(hapd, mgmt, len, fi);
|
|
|
651fae |
return 1;
|
|
|
651fae |
--
|
|
|
651fae |
2.20.1
|
|
|
651fae |
|