Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

FT: Drop FT Action frames if ft_over_ds=0

Previously, the hostapd ft_over_ds parameter was used to only advertise
whether FT-over-DS is enabled in MDE and leave it to the stations to
follow that advertisement. This commit extends this to explicitly reject
(silently drop) FT Action frames if a station does not follow the
advertised capabilities.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen il y a 8 ans
Parent
ef40b1b95e
commit
1940559ea4
1 fichiers modifiés avec 5 ajouts et 0 suppressions
Vue séparée Afficher les stats Diff
  1. 5 0
      src/ap/wpa_auth_ft.c

+ 5 - 0
src/ap/wpa_auth_ft.c
Voir le fichier 

@@ -1293,6 +1293,11 @@ int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
 
 
 	wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len);
 
 
+	if (!sm->wpa_auth->conf.ft_over_ds) {
 
+		wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject");
 
+		return -1;
 
+	}
 
+
 
 	/* RRB - Forward action frame to the target AP */
 
 	frame = os_malloc(sizeof(*frame) + len);
 
 	if (frame == NULL)