Re: [PATCH 4/4] wpa_supplicant: Add GTK RSC relaxation workaround

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 14, 2015 at 12:26:33PM +0300, Ilan Peer wrote:
> Some APs may send RSC octets in EAP message 3 of 4-Way Handshake or in
> EAP message 1 of Group Key Handshake in the opposite order. Thus, after a
> successful EAP authentication the TSC values of received multicast packets,
> such as DHCP, don't match the RSC one and as a result these packets are
> dropped on replay attack TSC verification. An example of such AP is
> Sapido RB-1732.
> 
> Workaournd this by setting RSC octets to 0 on GTK installation if the AP
> RSC value is identified as a potentially having the byte order issue.
> The wpa_rsc_relaxation global configuration property allows to disable
> the GTK RSC workaround if it's not needed.

Thanks, applied with some fixes and cleanup.

> +static int wpa_supplicant_get_wpa_rsc_relaxation(const struct wpa_sm *sm)
> +{
> +	if (sm->ctx->get_wpa_rsc_relaxation)
> +		return sm->ctx->get_wpa_rsc_relaxation(sm->ctx->ctx);
> +	return 0;
> +}

There is no need to add a separate function pointer and callback for
this; there is already a mechanism for updating WPA/RSN configuration
parameters for each connection. I replaced this callback mechanism with
a new such configuration parameter.

> +static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
> +					 const u8 *rsc)
> +{
> +	int rsclen;
> +
> +	if (wpa_supplicant_get_wpa_rsc_relaxation(sm))
> +		return 0;

This logic looks reversed, i.e., that needs to be "if
(!wpa_supplicant_get_wpa_rsc_relaxation(sm))"..

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux