Re: [RFC] hostapd: MFP: Handle auth request from an associated station

> is not really doing that nicely. This is adding yet another copy of
> authentication frame processing and would indeed need a lot more
> duplicated code to handle FT, SAE, and FILS authentication algorithms.
> 
> It looks much simpler to fix the regression in the full state
> commit mentioned above with the following change to leave a single
> authentication frame processing implementation in use for both cases:
> 
> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -1580,8 +1580,15 @@ static void handle_auth(struct hostapd_data *hapd,
>  	 *
>  	 * In mesh mode, the station was already added to the driver when the
>  	 * NEW_PEER_CANDIDATE event is received.
> +	 *
> +	 * If PMF was negotiated for the existing association, skip this to
> +	 * avoid dropping the STA entry and the associated keys. This is needed
> +	 * to allow the original connection work until the attempt can complete
> +	 * (re)association, so that unprotected Authentication frame cannot be
> +	 * used to bypass PMF protection.
>  	 */
>  	if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
> +	    (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
>  	    !(hapd->conf->mesh & MESH_ENABLED) &&
>  	    !(sta->added_unassoc)) {
>  		/*
>  
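Review bot: the comment added above the condition says the block is skipped whenever PMF was negotiated for the existing association, but the new test (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) skips it only when WLAN_STA_MFP is set and the STA is also authorized. A station with WLAN_STA_MFP set that is not authorized still takes the existing path guarded by this if. Suggest the comment state the authorized requirement explicitly so the two agree, and reword "allow the original connection work" to "allow the original connection to work".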

Simpler and nicer. 

Thanks for handling this,

Ilan.

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



