RE: [PATCH 4/4] wpa_supplicant: Add GTK RSC relaxation workaround

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 
> On Wed, Oct 14, 2015 at 12:26:33PM +0300, Ilan Peer wrote:
> > Some APs may send RSC octets in EAP message 3 of 4-Way Handshake or in
> > EAP message 1 of Group Key Handshake in the opposite order. Thus,
> > after a successful EAP authentication the TSC values of received
> > multicast packets, such as DHCP, don't match the RSC one and as a
> > result these packets are dropped on replay attack TSC verification. An
> > example of such AP is Sapido RB-1732.
> >
> > Workaournd this by setting RSC octets to 0 on GTK installation if the
> > AP RSC value is identified as a potentially having the byte order issue.
> > The wpa_rsc_relaxation global configuration property allows to disable
> > the GTK RSC workaround if it's not needed.
> 
> Thanks, applied with some fixes and cleanup.
> 
> > +static int wpa_supplicant_get_wpa_rsc_relaxation(const struct wpa_sm
> > +*sm) {
> > +	if (sm->ctx->get_wpa_rsc_relaxation)
> > +		return sm->ctx->get_wpa_rsc_relaxation(sm->ctx->ctx);
> > +	return 0;
> > +}
> 
> There is no need to add a separate function pointer and callback for this;
> there is already a mechanism for updating WPA/RSN configuration
> parameters for each connection. I replaced this callback mechanism with a
> new such configuration parameter.
> 

I'll remember this in the future.

> > +static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
> > +					 const u8 *rsc)
> > +{
> > +	int rsclen;
> > +
> > +	if (wpa_supplicant_get_wpa_rsc_relaxation(sm))
> > +		return 0;
> 
> This logic looks reversed, i.e., that needs to be "if
> (!wpa_supplicant_get_wpa_rsc_relaxation(sm))"..
> 

Yep. Thanks for catching this.

Thanks,

Ilan.


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux