Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

VLAN: Avoid access to non-existing interfaces

Currently, hostapd_get_vlan_id_ifname() is used to determine if a given
vlan is valid *and* to actually determine the interface. This leads to
wpa_set_keys() sometimes setting the key on the wildcard interface name,
which does not make sense.

This patch therefore adds hostapd_vlan_id_valid() and makes
hostapd_get_vlan_id_ifname() not return a wildcard interface.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
Michael Braun 11 years ago
parent
4345fe963e
commit
80ebfd9527
4 changed files with 16 additions and 5 deletions
Split View Show Diff Stats
  1. 13 1
      src/ap/ap_config.c
  2. 1 0
      src/ap/ap_config.h
  3. 1 2
      src/ap/ieee802_11.c
  4. 1 2
      src/ap/ieee802_1x.c

+ 13 - 1
src/ap/ap_config.c
View File 

@@ -606,11 +606,23 @@ int hostapd_rate_found(int *list, int rate)
 
 }
 
 
 
-const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
 
+int hostapd_vlan_id_valid(struct hostapd_vlan *vlan, int vlan_id)
 
 {
 
 	struct hostapd_vlan *v = vlan;
 
 	while (v) {
 
 		if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD)
 
+			return 1;
 
+		v = v->next;
 
+	}
 
+	return 0;
 
+}
 
+
 
+
 
+const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
 
+{
 
+	struct hostapd_vlan *v = vlan;
 
+	while (v) {
 
+		if (v->vlan_id == vlan_id)
 
 			return v->ifname;
 
 		v = v->next;
 
 	}

+ 1 - 0
src/ap/ap_config.h
View File 

@@ -547,6 +547,7 @@ int hostapd_wep_key_cmp(struct hostapd_wep_keys *a,
 
 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
 
 			   const u8 *addr, const u8 *prev_psk);
 
 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
 
+int hostapd_vlan_id_valid(struct hostapd_vlan *vlan, int vlan_id);
 
 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
 
 					int vlan_id);
 
 struct hostapd_radius_attr *

+ 1 - 2
src/ap/ieee802_11.c
View File 

@@ -650,8 +650,7 @@ static void handle_auth(struct hostapd_data *hapd,
 
 	}
 
 
 	if (vlan_id > 0) {
 
-		if (hostapd_get_vlan_id_ifname(hapd->conf->vlan,
 
-					       vlan_id) == NULL) {
 
+		if (!hostapd_vlan_id_valid(hapd->conf->vlan, vlan_id)) {
 
 			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
 
 				       HOSTAPD_LEVEL_INFO, "Invalid VLAN ID "
 
 				       "%d received from RADIUS server",

+ 1 - 2
src/ap/ieee802_1x.c
View File 

@@ -1438,8 +1438,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
 
 			sta->vlan_id = radius_msg_get_vlanid(msg);
 
 		}
 
 		if (sta->vlan_id > 0 &&
 
-		    hostapd_get_vlan_id_ifname(hapd->conf->vlan,
 
-					       sta->vlan_id)) {
 
+		    hostapd_vlan_id_valid(hapd->conf->vlan, sta->vlan_id)) {
 
 			hostapd_logger(hapd, sta->addr,
 
 				       HOSTAPD_MODULE_RADIUS,
 
 				       HOSTAPD_LEVEL_INFO,