Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Ignore scan results from ongoing scan when FLUSH command is issued

This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to cleared by the FLUSH command.

This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 8 years ago
parent
79124c7ba1
commit
6e374bd44d
4 changed files with 17 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      wpa_supplicant/ctrl_iface.c
  2. 2 0
      wpa_supplicant/events.c
  3. 12 0
      wpa_supplicant/scan.c
  4. 1 0
      wpa_supplicant/wpa_supplicant_i.h

+ 2 - 1
wpa_supplicant/ctrl_iface.c
View File 

@@ -7188,7 +7188,8 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s)
 
 
 	wpa_dbg(wpa_s, MSG_DEBUG, "Flush all wpa_supplicant state");
 
 
-	wpas_abort_ongoing_scan(wpa_s);
 
+	if (wpas_abort_ongoing_scan(wpa_s) == 0)
 
+		wpa_s->ignore_post_flush_scan_res = 1;
 
 
 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
 
 		/*

+ 2 - 0
wpa_supplicant/events.c
View File 

@@ -1966,6 +1966,8 @@ int wpa_supplicant_fast_associate(struct wpa_supplicant *wpa_s)
 
 #else /* CONFIG_NO_SCAN_PROCESSING */
 
 	struct os_reltime now;
 
 
+	wpa_s->ignore_post_flush_scan_res = 0;
 
+
 
 	if (wpa_s->last_scan_res_used == 0)
 
 		return -1;

+ 12 - 0
wpa_supplicant/scan.c
View File 

@@ -714,6 +714,8 @@ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
 
 	size_t max_ssids;
 
 	int connect_without_scan = 0;
 
 
+	wpa_s->ignore_post_flush_scan_res = 0;
 
+
 
 	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
 
 		wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled");
 
 		return;
 
@@ -2212,6 +2214,16 @@ wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
 
 	}
 
 	dump_scan_res(scan_res);
 
 
+	if (wpa_s->ignore_post_flush_scan_res) {
 
+		/* FLUSH command aborted an ongoing scan and these are the
 
+		 * results from the aborted scan. Do not process the results to
 
+		 * maintain flushed state. */
 
+		wpa_dbg(wpa_s, MSG_DEBUG,
 
+			"Do not update BSS table based on pending post-FLUSH scan results");
 
+		wpa_s->ignore_post_flush_scan_res = 0;
 
+		return scan_res;
 
+	}
 
+
 
 	wpa_bss_update_start(wpa_s);
 
 	for (i = 0; i < scan_res->num; i++)
 
 		wpa_bss_update_scan_res(wpa_s, scan_res->res[i],

+ 1 - 0
wpa_supplicant/wpa_supplicant_i.h
View File 

@@ -987,6 +987,7 @@ struct wpa_supplicant {
 
 	unsigned int wmm_ac_supported:1;
 
 	unsigned int ext_work_in_progress:1;
 
 	unsigned int own_disconnect_req:1;
 
+	unsigned int ignore_post_flush_scan_res:1;
 
 
 #define MAC_ADDR_RAND_SCAN       BIT(0)
 
 #define MAC_ADDR_RAND_SCHED_SCAN BIT(1)