hostapd/src
Dedy Lansky 071e3bf116 FST: Fix handling of Rx FST Setup Request when session already exists
When we receive FST Setup Request when session already exists, the
following validations take place:
1. we drop the frame if needed according to MAC comparison
2. we drop the frame if the session is "not pending", i.e., if FST
   Setup Response was already exchanged (sent or received).

There are two issues with the above:
1. MAC comparison is relevant only before the Setup Response exchange.
   In other words, Setup Request should not be dropped due to MAC
   comparison after Setup Response has been exchanged.
2. Receiving Setup Request after Setup Response exchange most likely
   means that FST state machine is out of sync with the peer. Dropping
   the Setup Request will not help solve this situation.

The fix is:
1. do MAC comparison only if session is "pending", i.e., Setup Response
   was not yet exchanged.
2. In case Setup Response was already exchanged, reset our session and
   handle the Setup Request as if it arrived when session doesn't exist.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-29 18:41:35 +02:00
..
ap wpa_supplicant: Enable Automatic Channel Selection support for AP mode 2015-12-24 22:24:05 +02:00
common mesh: Fix PMKID to match the standard 2015-12-28 17:21:08 +02:00
crypto Remove unnecessary cleanup assignment in SHA1Final() 2015-12-28 18:12:03 +02:00
drivers nl80211: Don't call linux_iface_up() for a dedicated P2P Device 2015-12-28 17:21:08 +02:00
eap_common EAP-EKE: Merge identical error return paths 2015-12-22 00:10:22 +02:00
eap_peer EAP-TNC peer: Remove dead code related to fragmentation 2015-12-24 19:16:15 +02:00
eap_server EAP-PEAP server: Add support for fast-connect crypto binding 2015-12-19 20:22:43 +02:00
eapol_auth Remove unreachable PMKSA cache entry addition on Access-Accept 2015-10-14 18:43:26 +03:00
eapol_supp Fix EAPOL reauth after FT protocol or offloaded PMKSA cache use 2015-11-19 21:16:18 +02:00
fst FST: Fix handling of Rx FST Setup Request when session already exists 2015-12-29 18:41:35 +02:00
l2_packet l2_packet: Add build option to disable Linux packet socket workaround 2015-10-25 19:56:53 +02:00
p2p P2P: Add support for VHT 80+80 MHz and 160 MHz 2015-11-25 19:01:20 +02:00
pae MACsec: Update protect frames and replay on reauthentication 2014-12-09 16:56:10 +02:00
radius RADIUS: Add EACCES to list of recognized send() errno values 2015-12-24 12:43:05 +02:00
rsn_supp Use wpa_msg() for the "RSN: PMKID mismatch" message 2015-12-22 11:22:19 +02:00
tls TLS: Make tls_cert_chain_failure_event() more robust 2015-12-28 18:31:11 +02:00
utils utils: Fix NULL pointer dereference with unexpected kernel behavior 2015-12-18 00:24:52 +02:00
wps WPS: Support parallel UPnP WPS protocol runs 2015-11-30 16:57:11 +02:00
lib.rules Add QUIET=1 option for make 2014-12-29 15:49:05 +02:00
Makefile FST: Add the Fast Session Transfer (FST) module 2015-07-16 18:26:15 +03:00