hak5
/
openwrt
mirror of https://github.com/hak5/openwrt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

hostapd: backport fix for wnm_sleep_mode=0 

wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openwrt-18.06
Timo Sigurdsson 2017-11-14 21:41:30 +01:00 committed by Stijn Tintel
parent 6515887ed9
commit bd45e15d0a
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/network/services/hostapd/Makefile
View File

@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd PKG_NAME:=hostapd
PKG_RELEASE:=4 PKG_RELEASE:=5
PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git

35
package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch Normal file
View File

@ -0,0 +1,35 @@
From 114f2830d2c2aee6db23d48240e93415a256a37c Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 20 Oct 2017 17:39:42 +0300
Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case
The hostapd wnm_sleep_mode parameter was previously used to control
advertisement of WNM-Sleep Mode support, but it was not used when
processing a request to use WNM-Sleep Mode. Add an explicit check during
request processing as well so that any misbehaving station is ignored.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
src/ap/wnm_ap.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
index 7c4fde0..973e4d3 100644
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c
@@ -200,6 +200,13 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
u8 *tfsreq_ie_end = NULL;
u16 tfsreq_ie_len = 0;
+ if (!hapd->conf->wnm_sleep_mode) {
+ wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
+ MACSTR " since WNM-Sleep Mode is disabled",
+ MAC2STR(addr));
+ return;
+ }
+
dialog_token = *pos++;
while (pos + 1 < frm + len) {
u8 ie_len = pos[1];
--
2.1.4