In some cases, we received an authentication attempt from a station
with an invalid mac address (all zeros). Fix it by checking the mac
address and ignoring the auth request.
Signed-off-by: Sarada Prasanna Garnayak <sarada.prasanna.garnayak@xxxxxxxxx>
---
src/ap/ieee802_11.c | 7 +++++++
src/utils/common.h | 9 +++++++++
2 files changed, 16 insertions(+)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c6138e1af..1c6498984 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1794,6 +1794,13 @@ static void handle_auth(struct hostapd_data *hapd,
}
#endif /* CONFIG_TESTING_OPTIONS */
+ if (!is_valid_ether_addr(mgmt->sa)) {
+ wpa_printf(MSG_INFO,
+ "handle_auth - Invalid STA MAC address: " MACSTR,
+ MAC2STR(mgmt->sa));
+ return;
+ }
+
auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
status_code = le_to_host16(mgmt->u.auth.status_code);
diff --git a/src/utils/common.h b/src/utils/common.h
index f824d001a..e83f57e41 100644
--- a/src/utils/common.h
+++ b/src/utils/common.h
@@ -525,6 +525,15 @@ static inline int is_multicast_ether_addr(const u8 *a)
return a[0] & 0x01;
}
+static inline int is_valid_ether_addr(const u8 *a)
+{
+ /*
+ * FF:FF:FF:FF:FF:FF is a multicast address, So we
+ * don't need to explicitly check for it here.
+ */
+ return !is_multicast_ether_addr(a) && !is_zero_ether_addr(a);
+}
+
#define broadcast_ether_addr (const u8 *) "\xff\xff\xff\xff\xff\xff"
#include "wpa_debug.h"
--
2.11.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
