Change WEP network selection to reject WPA/WPA2 APs
Previously, wpa_supplicant behavior in WEP configuration was to try to mimic a device that is not aware of WPA/WPA2 and as such, it tried to connect to a WPA/WPA2 AP with the assumption that the AP could be providing support for both WEP and WPA/WPA2 stations in the same BSS. Such APs could have been used during transition from WEP to more secure options, but that type of deployment have not been used in large number and are not really of much use anymore taken into account that more or less all new devices support WPA/WPA2. That combined with the preference to deprecate WEP justifies removing this use case and making WEP networking matching more strict by using the knowledge of AP advertising WPA/WPA2 as an indication of WEP not being supported. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
2e145e91e7
commit
86bd141050
1 changed files with 24 additions and 7 deletions
|
@ -334,10 +334,24 @@ int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
|
||||||
|
|
||||||
|
|
||||||
#ifndef CONFIG_NO_SCAN_PROCESSING
|
#ifndef CONFIG_NO_SCAN_PROCESSING
|
||||||
|
|
||||||
|
static int has_wep_key(struct wpa_ssid *ssid)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
|
||||||
|
for (i = 0; i < NUM_WEP_KEYS; i++) {
|
||||||
|
if (ssid->wep_key_len[i])
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
|
static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
|
||||||
struct wpa_ssid *ssid)
|
struct wpa_ssid *ssid)
|
||||||
{
|
{
|
||||||
int i, privacy = 0;
|
int privacy = 0;
|
||||||
|
|
||||||
if (ssid->mixed_cell)
|
if (ssid->mixed_cell)
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -347,12 +361,9 @@ static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
|
||||||
return 1;
|
return 1;
|
||||||
#endif /* CONFIG_WPS */
|
#endif /* CONFIG_WPS */
|
||||||
|
|
||||||
for (i = 0; i < NUM_WEP_KEYS; i++) {
|
if (has_wep_key(ssid))
|
||||||
if (ssid->wep_key_len[i]) {
|
privacy = 1;
|
||||||
privacy = 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#ifdef IEEE8021X_EAPOL
|
#ifdef IEEE8021X_EAPOL
|
||||||
if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
|
if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
|
||||||
ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
|
ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
|
||||||
|
@ -818,6 +829,12 @@ static struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (wpa && !wpa_key_mgmt_wpa(ssid->key_mgmt) &&
|
||||||
|
has_wep_key(ssid)) {
|
||||||
|
wpa_dbg(wpa_s, MSG_DEBUG, " skip - ignore WPA/WPA2 AP for WEP network block");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
if (!wpa_supplicant_match_privacy(bss, ssid)) {
|
if (!wpa_supplicant_match_privacy(bss, ssid)) {
|
||||||
wpa_dbg(wpa_s, MSG_DEBUG, " skip - privacy "
|
wpa_dbg(wpa_s, MSG_DEBUG, " skip - privacy "
|
||||||
"mismatch");
|
"mismatch");
|
||||||
|
|
Loading…
Reference in a new issue