hostapd: Require EAPOL-Key type to match with selected protocol

Previously, we would have allowed both the WPA and RSN EAPOL-Key
types to be used regardless of whether the association is using
WPA or RSN/WPA2. This shouldn't result in any significant problems
on the Authenticator side, but anyway, we should check the type and
ignore the EAPOL-Key frames that used unexpected type.
Jouni Malinen 16 years ago
commit f8e96eb6fd
1 changed files with 16 additions and 0 deletions

hostapd/wpa.c

@@ -620,6 +620,22 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 		return;
 		return;
 	}
 	}
 
 
+	if (sm->wpa == WPA_VERSION_WPA2) {
+		if (key->type != EAPOL_KEY_TYPE_RSN) {
+			wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
+				   "unexpected type %d in RSN mode",
+				   key->type);
+			return;
+		}
+	} else {
+		if (key->type != EAPOL_KEY_TYPE_WPA) {
+			wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
+				   "unexpected type %d in WPA mode",
+				   key->type);
+			return;
+		}
+	}
+
 	/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
 	/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
 	 * are set */
 	 * are set */
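
Review bot: The bare `else` branch treats every `sm->wpa` value other than `WPA_VERSION_WPA2` as WPA mode and requires `EAPOL_KEY_TYPE_WPA`, so a state machine whose protocol field is unset or holds an unexpected value is handled as WPA instead of being rejected. Consider testing the WPA case explicitly and dropping the frame for anything else, or add a comment stating that only these two values can reach this point. Both branches also repeat the same log-and-return sequence, which could be reduced to a single comparison against the expected type for the negotiated protocol. The dropped frame is logged only at `MSG_DEBUG` with `key->type` alone, so adding the station address to the message would make a mismatching peer identifiable in the log.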