From 39366733c3fe943363566756e2e152c45a1b3cb2 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 25 May 2018 23:29:36 +0000 Subject: Fri May 25 23:29:36 UTC 2018 patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.2.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific. --- ...llow-multiple-Reassociation-Response-fram.patch | 82 ++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 patches/source/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch (limited to 'patches/source/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch') diff --git a/patches/source/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/patches/source/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch new file mode 100644 index 000000000..b9678f681 --- /dev/null +++ b/patches/source/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch @@ -0,0 +1,82 @@ +From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 22 Sep 2017 12:06:37 +0300 +Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames + +The driver is expected to not report a second association event without +the station having explicitly request a new association. As such, this +case should not be reachable. However, since reconfiguring the same +pairwise or group keys to the driver could result in nonce reuse issues, +be extra careful here and do an additional state check to avoid this +even if the local driver ends up somehow accepting an unexpected +Reassociation Response frame. + +Signed-off-by: Jouni Malinen +--- + src/rsn_supp/wpa.c | 3 +++ + src/rsn_supp/wpa_ft.c | 8 ++++++++ + src/rsn_supp/wpa_i.h | 1 + + 3 files changed, 12 insertions(+) + +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 0550a41..2a53c6f 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) + #ifdef CONFIG_TDLS + wpa_tdls_disassoc(sm); + #endif /* CONFIG_TDLS */ ++#ifdef CONFIG_IEEE80211R ++ sm->ft_reassoc_completed = 0; ++#endif /* CONFIG_IEEE80211R */ + + /* Keys are not needed in the WPA state machine anymore */ + wpa_sm_drop_sa(sm); +diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c +index 205793e..d45bb45 100644 +--- a/src/rsn_supp/wpa_ft.c ++++ b/src/rsn_supp/wpa_ft.c +@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, + u16 capab; + + sm->ft_completed = 0; ++ sm->ft_reassoc_completed = 0; + + buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + + 2 + sm->r0kh_id_len + ric_ies_len + 100; +@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, + return -1; + } + ++ if (sm->ft_reassoc_completed) { ++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); ++ return 0; ++ } ++ + if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { + wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); + return -1; +@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, + return -1; + } + ++ sm->ft_reassoc_completed = 1; ++ + if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) + return -1; + +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index 41f371f..56f88dc 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -128,6 +128,7 @@ struct wpa_sm { + size_t r0kh_id_len; + u8 r1kh_id[FT_R1KH_ID_LEN]; + int ft_completed; ++ int ft_reassoc_completed; + int over_the_ds_in_progress; + u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ + int set_ptk_after_assoc; +-- +2.7.4 + -- cgit v1.2.3