c1439fd21c2cca778677946450b36e1acd1e3937
[openwrt/openwrt.git] /
1 From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
2 From: Jouni Malinen <j@w1.fi>
3 Date: Thu, 29 Aug 2019 11:52:04 +0300
4 Subject: [PATCH] AP: Silently ignore management frame from unexpected source
5 address
6
7 Do not process any received Management frames with unexpected/invalid SA
8 so that we do not add any state for unexpected STA addresses or end up
9 sending out frames to unexpected destination. This prevents unexpected
10 sequences where an unprotected frame might end up causing the AP to send
11 out a response to another device and that other device processing the
12 unexpected response.
13
14 In particular, this prevents some potential denial of service cases
15 where the unexpected response frame from the AP might result in a
16 connected station dropping its association.
17
18 Signed-off-by: Jouni Malinen <j@w1.fi>
19 ---
20 src/ap/drv_callbacks.c | 13 +++++++++++++
21 src/ap/ieee802_11.c | 12 ++++++++++++
22 2 files changed, 25 insertions(+)
23
24 --- a/src/ap/drv_callbacks.c
25 +++ b/src/ap/drv_callbacks.c
26 @@ -129,6 +129,19 @@ int hostapd_notif_assoc(struct hostapd_d
27 "hostapd_notif_assoc: Skip event with no address");
28 return -1;
29 }
30 +
31 + if (is_multicast_ether_addr(addr) ||
32 + is_zero_ether_addr(addr) ||
33 + os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
34 + /* Do not process any frames with unexpected/invalid SA so that
35 + * we do not add any state for unexpected STA addresses or end
36 + * up sending out frames to unexpected destination. */
37 + wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
38 + " in received indication - ignore this indication silently",
39 + __func__, MAC2STR(addr));
40 + return 0;
41 + }
42 +
43 random_add_randomness(addr, ETH_ALEN);
44
45 hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
46 --- a/src/ap/ieee802_11.c
47 +++ b/src/ap/ieee802_11.c
48 @@ -3978,6 +3978,18 @@ int ieee802_11_mgmt(struct hostapd_data
49 fc = le_to_host16(mgmt->frame_control);
50 stype = WLAN_FC_GET_STYPE(fc);
51
52 + if (is_multicast_ether_addr(mgmt->sa) ||
53 + is_zero_ether_addr(mgmt->sa) ||
54 + os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
55 + /* Do not process any frames with unexpected/invalid SA so that
56 + * we do not add any state for unexpected STA addresses or end
57 + * up sending out frames to unexpected destination. */
58 + wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
59 + " in received frame - ignore this frame silently",
60 + MAC2STR(mgmt->sa));
61 + return 0;
62 + }
63 +
64 if (stype == WLAN_FC_STYPE_BEACON) {
65 handle_beacon(hapd, mgmt, len, fi);
66 return 1;