Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

Ignore pmf=1/2 parameter for non-RSN networks

PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen il y a 8 ans
Parent
2dc754e170
commit
22950049e4
3 fichiers modifiés avec 21 ajouts et 5 suppressions
Vue séparée Afficher les stats Diff
  1. 2 1
      wpa_supplicant/config.h
  2. 13 0
      wpa_supplicant/wpa_supplicant.c
  3. 6 4
      wpa_supplicant/wpa_supplicant.conf

+ 2 - 1
wpa_supplicant/config.h
Voir le fichier 

@@ -1039,7 +1039,8 @@ struct wpa_config {
 
 	 *
 
 	 * By default, PMF is disabled unless enabled by the per-network
 
 	 * ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change
 
-	 * this default behavior.
 
+	 * this default behavior for RSN network (this is not applicable for
 
+	 * non-RSN cases).
 
 	 */
 
 	enum mfp_options pmf;

+ 13 - 0
wpa_supplicant/wpa_supplicant.c
Voir le fichier 

@@ -5825,6 +5825,19 @@ int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
 
 			return NO_MGMT_FRAME_PROTECTION;
 
 		}
 
 
+		if (ssid &&
 
+		    (ssid->key_mgmt &
 
+		     ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
 
+		       WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
 
+			/*
 
+			 * Do not use the default PMF value for non-RSN networks
 
+			 * since PMF is available only with RSN and pmf=2
 
+			 * configuration would otherwise prevent connections to
 
+			 * all open networks.
 
+			 */
 
+			return NO_MGMT_FRAME_PROTECTION;
 
+		}
 
+
 
 		return wpa_s->conf->pmf;
 
 	}

+ 6 - 4
wpa_supplicant/wpa_supplicant.conf
Voir le fichier 

@@ -360,10 +360,12 @@ fast_reauth=1
 
 
 # Protected Management Frames default
 
 # This parameter can be used to set the default behavior for the ieee80211w
 
-# parameter. By default, PMF is disabled unless enabled with the global pmf=1/2
 
-# parameter or with the per-network ieee80211w=1/2 parameter. With pmf=1/2, PMF
 
-# is enabled/required by default, but can be disabled with the per-network
 
-# ieee80211w parameter.
 
+# parameter for RSN networks. By default, PMF is disabled unless enabled with
 
+# the global pmf=1/2 parameter or with the per-network ieee80211w=1/2 parameter.
 
+# With pmf=1/2, PMF is enabled/required by default, but can be disabled with the
 
+# per-network ieee80211w parameter. This global default value does not apply
 
+# for non-RSN networks (key_mgmt=NONE) since PMF is available only when using
 
+# RSN.
 
 #pmf=0
 
 
 # Enabled SAE finite cyclic groups in preference order