On Mon, Jan 21, 2019 at 12:32:38PM +0530, Sarada Prasanna Garnayak wrote:
> In some cases, we received an authentication attempt from a station
> with an invalid mac address (all zeros). Fix it by checking the mac
> address and ignoring the auth request.
Why would all zeros MAC address be invalid? The 00-00-00 OUI is assigned
to Xerox..
> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -1794,6 +1794,13 @@ static void handle_auth(struct hostapd_data *hapd,
> + if (!is_valid_ether_addr(mgmt->sa)) {
> + wpa_printf(MSG_INFO,
> + "handle_auth - Invalid STA MAC address: " MACSTR,
> + MAC2STR(mgmt->sa));
> + return;
> + }
Wouldn't it be better to do this in ieee802_11_mgmt() to cover all
management frames?
> diff --git a/src/utils/common.h b/src/utils/common.h
> +static inline int is_valid_ether_addr(const u8 *a)
> +{
> + /*
> + * FF:FF:FF:FF:FF:FF is a multicast address, So we
> + * don't need to explicitly check for it here.
> + */
> + return !is_multicast_ether_addr(a) && !is_zero_ether_addr(a);
> +}
This function name is pretty confusing.. Multicast addresses are valid
Ethernet addresses and so is all zeros address. It would make more sense
to do this without a misnamed helper function and simply document the
is_multicast_ether_addr() check in a comment in ieee802_11_mgmt() as
checking for addresses that are valid for sending management frames
from.
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
