summaryrefslogtreecommitdiff
path: root/core/mac/src
diff options
context:
space:
mode:
authorLiangwei Dong <liangwei@codeaurora.org>2018-08-21 00:47:05 -0400
committernshrivas <nshrivas@codeaurora.org>2018-08-28 07:18:51 -0700
commitf94ee7f9ad82f948ce76ce1e18656e52da1b7932 (patch)
treec63291427f2ebbfd4ae77b091eac505ac9fa055f /core/mac/src
parent6cc24a5789fa12140f2d879a3dce50ae0ff80044 (diff)
qcacld-3.0: Reject Invalid RSN IE Assoc Request
If SAP configured with RSN security IE, peer should include compatible RSN parameters. Reject the Assoc request if peer include invalid RSN IE. Change-Id: I10083d7feb669fe5d1c2650ae3c3092e5b28169e CRs-Fixed: 2294876
Diffstat (limited to 'core/mac/src')
-rw-r--r--core/mac/src/pe/lim/lim_process_assoc_req_frame.c329
1 files changed, 178 insertions, 151 deletions
diff --git a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c
index a0705ba905a6..12e1237302a9 100644
--- a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c
+++ b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c
@@ -718,6 +718,171 @@ static void lim_print_ht_cap(tpAniSirGlobal mac_ctx, tpPESession session,
}
/**
+ * lim_check_wpa_rsn_ie() - wpa and rsn ie related checks
+ * @session: pointer to pe session entry
+ * @mac_ctx: pointer to Global MAC structure
+ * @sub_type: Assoc(=0) or Reassoc(=1) Requestframe
+ * @hdr: pointer to the MAC head
+ * @assoc_req: pointer to ASSOC/REASSOC Request frame
+ * @pmf_connection: flag indicating pmf connection
+ *
+ * This function checks if wpa/rsn IE is present and validates
+ * ie version, length and mismatch.
+ *
+ * Return: true if no error, false otherwise
+ */
+static bool lim_check_wpa_rsn_ie(tpPESession session, tpAniSirGlobal mac_ctx,
+ uint8_t sub_type, tpSirMacMgmtHdr hdr,
+ tpSirAssocReq assoc_req, bool *pmf_connection)
+{
+ uint32_t ret;
+ tDot11fIEWPA dot11f_ie_wpa = {0};
+ tDot11fIERSN dot11f_ie_rsn = {0};
+ tSirRetStatus status = eSIR_SUCCESS;
+
+ /*
+ * Clear the buffers so that frame parser knows that there isn't a
+ * previously decoded IE in these buffers
+ */
+ qdf_mem_set((uint8_t *)&dot11f_ie_rsn, sizeof(dot11f_ie_rsn), 0);
+ qdf_mem_set((uint8_t *)&dot11f_ie_wpa, sizeof(dot11f_ie_wpa), 0);
+
+ pe_err("RSN enabled auth, Re/Assoc req from STA: "
+ MAC_ADDRESS_STR, MAC_ADDR_ARRAY(hdr->sa));
+ if (assoc_req->rsnPresent) {
+ if (!assoc_req->rsn.length) {
+ pe_warn("Re/Assoc rejected from: "
+ MAC_ADDRESS_STR,
+ MAC_ADDR_ARRAY(hdr->sa));
+ /*
+ * rcvd Assoc req frame with RSN IE but
+ * length is 0
+ */
+ lim_send_assoc_rsp_mgmt_frame(
+ mac_ctx,
+ eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS,
+ 1, hdr->sa, sub_type, 0, session);
+ return false;
+ }
+
+ /* Unpack the RSN IE */
+ ret = dot11f_unpack_ie_rsn(
+ mac_ctx,
+ &assoc_req->rsn.info[0],
+ assoc_req->rsn.length,
+ &dot11f_ie_rsn, false);
+ if (!DOT11F_SUCCEEDED(ret)) {
+ pe_err("Invalid RSN ie");
+ lim_send_assoc_rsp_mgmt_frame(
+ mac_ctx,
+ eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS,
+ 1, hdr->sa, sub_type, 0, session);
+ return false;
+ }
+
+ /* Check RSN version is supported */
+ if (SIR_MAC_OUI_VERSION_1 ==
+ dot11f_ie_rsn.version) {
+ /*
+ * check the groupwise and
+ * pairwise cipher suites
+ */
+ status = lim_check_rx_rsn_ie_match(
+ mac_ctx, dot11f_ie_rsn,
+ session,
+ assoc_req->HTCaps.present,
+ pmf_connection);
+ if (eSIR_SUCCESS != status) {
+ pe_warn("Re/Assoc rejected from: "
+ MAC_ADDRESS_STR,
+ MAC_ADDR_ARRAY(hdr->sa));
+ /*
+ * some IE is not
+ * properly sent
+ * received Association
+ * req frame with RSN IE
+ * but length is 0
+ */
+ lim_send_assoc_rsp_mgmt_frame(
+ mac_ctx,
+ status, 1,
+ hdr->sa,
+ sub_type, 0,
+ session);
+ return false;
+ }
+ } else {
+ pe_warn("Re/Assoc rejected from: "
+ MAC_ADDRESS_STR,
+ MAC_ADDR_ARRAY(hdr->sa));
+ /*
+ * rcvd Assoc req frame with RSN
+ * IE version wrong
+ */
+ lim_send_assoc_rsp_mgmt_frame(
+ mac_ctx,
+ eSIR_MAC_UNSUPPORTED_RSN_IE_VERSION_STATUS,
+ 1, hdr->sa, sub_type, 0,
+ session);
+ return false;
+ }
+ } else if (assoc_req->wpaPresent) {
+ if (!assoc_req->wpa.length) {
+ pe_warn("Re/Assoc rejected from: "
+ MAC_ADDRESS_STR,
+ MAC_ADDR_ARRAY(hdr->sa));
+ /*
+ * rcvd Assoc req frame with invalid WPA
+ * IE
+ */
+ lim_send_assoc_rsp_mgmt_frame(
+ mac_ctx,
+ eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS,
+ 1, hdr->sa, sub_type, 0, session);
+ return false;
+ }
+ /* Unpack the WPA IE */
+ ret = dot11f_unpack_ie_wpa(
+ mac_ctx,
+ &assoc_req->wpa.info[4],
+ (assoc_req->wpa.length - 4),
+ &dot11f_ie_wpa, false);
+ if (!DOT11F_SUCCEEDED(ret)) {
+ pe_err("Invalid WPA IE");
+ lim_send_assoc_rsp_mgmt_frame(
+ mac_ctx,
+ eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS,
+ 1, hdr->sa, sub_type, 0,
+ session);
+ return false;
+ }
+ /*
+ * check the groupwise and pairwise
+ * cipher suites
+ */
+ status = lim_check_rx_wpa_ie_match(
+ mac_ctx, dot11f_ie_wpa,
+ session,
+ assoc_req->HTCaps.present);
+ if (eSIR_SUCCESS != status) {
+ pe_warn("Re/Assoc rejected from: "
+ MAC_ADDRESS_STR,
+ MAC_ADDR_ARRAY(hdr->sa));
+ /*
+ * rcvd Assoc req frame with WPA
+ * IE but mismatch
+ */
+ lim_send_assoc_rsp_mgmt_frame(
+ mac_ctx, status, 1,
+ hdr->sa, sub_type, 0,
+ session);
+ return false;
+ }
+ }
+ return true;
+}
+
+/**
* lim_chk_n_process_wpa_rsn_ie() - wpa ie related checks
* @mac_ctx: pointer to Global MAC structure
* @hdr: pointer to the MAC head
@@ -737,16 +902,6 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx,
uint8_t sub_type, bool *pmf_connection)
{
uint8_t *wps_ie = NULL;
- uint32_t ret;
- tDot11fIEWPA dot11f_ie_wpa = {0};
- tDot11fIERSN dot11f_ie_rsn = {0};
- tSirRetStatus status = eSIR_SUCCESS;
- /*
- * Clear the buffers so that frame parser knows that there isn't a
- * previously decoded IE in these buffers
- */
- qdf_mem_set((uint8_t *) &dot11f_ie_rsn, sizeof(dot11f_ie_rsn), 0);
- qdf_mem_set((uint8_t *) &dot11f_ie_wpa, sizeof(dot11f_ie_wpa), 0);
/* if additional IE is present, check if it has WscIE */
if (assoc_req->addIEPresent && assoc_req->addIE.length)
@@ -756,149 +911,21 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx,
pe_debug("Assoc req addIEPresent: %d addIE length: %d",
assoc_req->addIEPresent, assoc_req->addIE.length);
- /* when wps_ie is present, RSN/WPA IE is ignored */
- if (wps_ie == NULL) {
- /* check whether as RSN IE is present */
- if (LIM_IS_AP_ROLE(session) &&
- session->pLimStartBssReq->privacy &&
- session->pLimStartBssReq->rsnIE.length) {
- pe_err("RSN enabled auth, Re/Assoc req from STA: "
- MAC_ADDRESS_STR,
- MAC_ADDR_ARRAY(hdr->sa));
- if (assoc_req->rsnPresent) {
- if (assoc_req->rsn.length) {
- /* Unpack the RSN IE */
- ret = dot11f_unpack_ie_rsn(mac_ctx,
- &assoc_req->rsn.info[0],
- assoc_req->rsn.length,
- &dot11f_ie_rsn, false);
- if (!DOT11F_SUCCEEDED(ret)) {
- pe_err("Invalid RSN ie");
- return false;
- }
-
- /* Check RSN version is supported */
- if (SIR_MAC_OUI_VERSION_1 ==
- dot11f_ie_rsn.version) {
- /*
- * check the groupwise and
- * pairwise cipher suites
- */
- status =
- lim_check_rx_rsn_ie_match(
- mac_ctx, dot11f_ie_rsn,
- session,
- assoc_req->HTCaps.present,
- pmf_connection);
- if (eSIR_SUCCESS != status) {
- pe_warn("Re/Assoc rejected from: " MAC_ADDRESS_STR,
- MAC_ADDR_ARRAY(
- hdr->sa));
-
- /*
- * some IE is not
- * properly sent
- * received Association
- * req frame with RSN IE
- * but length is 0
- */
- lim_send_assoc_rsp_mgmt_frame(
- mac_ctx,
- status, 1,
- hdr->sa,
- sub_type, 0,
- session);
- return false;
- }
- } else {
- pe_warn("Re/Assoc rejected from: " MAC_ADDRESS_STR,
- MAC_ADDR_ARRAY(
- hdr->sa));
- /*
- * rcvd Assoc req frame with RSN
- * IE version wrong
- */
- lim_send_assoc_rsp_mgmt_frame(
- mac_ctx,
- eSIR_MAC_UNSUPPORTED_RSN_IE_VERSION_STATUS,
- 1, hdr->sa, sub_type, 0,
- session);
- return false;
- }
- } else {
- pe_warn("Re/Assoc rejected from: "
- MAC_ADDRESS_STR,
- MAC_ADDR_ARRAY(hdr->sa));
- /*
- * rcvd Assoc req frame with RSN IE but
- * length is 0
- */
- lim_send_assoc_rsp_mgmt_frame(mac_ctx,
- eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS,
- 1, hdr->sa, sub_type, 0,
- session);
- return false;
- }
- } /* end - if(assoc_req->rsnPresent) */
- if ((!assoc_req->rsnPresent) && assoc_req->wpaPresent) {
- /* Unpack the WPA IE */
- if (assoc_req->wpa.length) {
- /* OUI is not taken care */
- ret = dot11f_unpack_ie_wpa(mac_ctx,
- &assoc_req->wpa.info[4],
- (assoc_req->wpa.length - 4),
- &dot11f_ie_wpa, false);
- if (!DOT11F_SUCCEEDED(ret)) {
- pe_err("Invalid WPA IE");
- return false;
- }
- /*
- * check the groupwise and pairwise
- * cipher suites
- */
- status = lim_check_rx_wpa_ie_match(
- mac_ctx, dot11f_ie_wpa,
- session,
- assoc_req->HTCaps.present);
- if (eSIR_SUCCESS != status) {
- pe_warn("Re/Assoc rejected from: "
- MAC_ADDRESS_STR,
- MAC_ADDR_ARRAY(
- hdr->sa));
- /*
- * rcvd Assoc req frame with WPA
- * IE but mismatch
- */
- lim_send_assoc_rsp_mgmt_frame(
- mac_ctx, status, 1,
- hdr->sa, sub_type, 0,
- session);
- return false;
- }
- } else {
- pe_warn("Re/Assoc rejected from: "
- MAC_ADDRESS_STR,
- MAC_ADDR_ARRAY(hdr->sa));
- /*
- * rcvd Assoc req frame with invalid WPA
- * IE
- */
- lim_send_assoc_rsp_mgmt_frame(mac_ctx,
- eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS,
- 1, hdr->sa, sub_type, 0,
- session);
- return false;
- } /* end - if(assoc_req->wpa.length) */
- } /* end - if(assoc_req->wpaPresent) */
- }
- /*
- * end of if(session->pLimStartBssReq->privacy
- * && session->pLimStartBssReq->rsnIE->length)
- */
- } /* end of if( ! assoc_req->wscInfo.present ) */
- else {
+ if (wps_ie) {
pe_debug("Assoc req WSE IE is present");
+ return true;
}
+
+ /* when wps_ie is present, RSN/WPA IE is ignored */
+ if (LIM_IS_AP_ROLE(session) &&
+ session->pLimStartBssReq->privacy &&
+ session->pLimStartBssReq->rsnIE.length) {
+ /* check whether RSN IE is present */
+ return lim_check_wpa_rsn_ie(
+ session, mac_ctx, sub_type,
+ hdr, assoc_req, pmf_connection);
+ }
+
return true;
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-22 10:21:52 +0000