diff options
author | Timo Sigurdsson <public_timo.s@silentcreek.de> | 2017-11-14 21:41:30 +0100 |
---|---|---|
committer | Stijn Tintel <stijn@linux-ipv6.be> | 2017-12-07 19:45:44 +0100 |
commit | f5f5f583f9fe3581646fdc35b613f436908666c6 (patch) | |
tree | ffa192c8946acd53f912b9f9b02ecb6d68836827 /package | |
parent | 19ebc19f545c7f96bcf5a6437b405cb849be453c (diff) | |
download | upstream-f5f5f583f9fe3581646fdc35b613f436908666c6.tar.gz upstream-f5f5f583f9fe3581646fdc35b613f436908666c6.tar.bz2 upstream-f5f5f583f9fe3581646fdc35b613f436908666c6.zip |
hostapd: backport fix for wnm_sleep_mode=0
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd45e15d0afe64dfed5a02a50a634f7947b50144
fixed PKG_RELEASE and renumbered patch)
Conflicts:
package/network/services/hostapd/Makefile
Diffstat (limited to 'package')
-rw-r--r-- | package/network/services/hostapd/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/hostapd/patches/019-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch | 35 |
2 files changed, 36 insertions, 1 deletions
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 3337f46208..c9de3c05bb 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_RELEASE:=6 +PKG_RELEASE:=7 PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_PROTO:=git diff --git a/package/network/services/hostapd/patches/019-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch b/package/network/services/hostapd/patches/019-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch new file mode 100644 index 0000000000..13426e4db1 --- /dev/null +++ b/package/network/services/hostapd/patches/019-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch @@ -0,0 +1,35 @@ +From 114f2830d2c2aee6db23d48240e93415a256a37c Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Fri, 20 Oct 2017 17:39:42 +0300 +Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case + +The hostapd wnm_sleep_mode parameter was previously used to control +advertisement of WNM-Sleep Mode support, but it was not used when +processing a request to use WNM-Sleep Mode. Add an explicit check during +request processing as well so that any misbehaving station is ignored. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +--- + src/ap/wnm_ap.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c +index 7c4fde0..973e4d3 100644 +--- a/src/ap/wnm_ap.c ++++ b/src/ap/wnm_ap.c +@@ -200,6 +200,13 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd, + u8 *tfsreq_ie_end = NULL; + u16 tfsreq_ie_len = 0; + ++ if (!hapd->conf->wnm_sleep_mode) { ++ wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from " ++ MACSTR " since WNM-Sleep Mode is disabled", ++ MAC2STR(addr)); ++ return; ++ } ++ + dialog_token = *pos++; + while (pos + 1 < frm + len) { + u8 ie_len = pos[1]; +-- +2.1.4 |