mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-01 11:36:49 +00:00
80b58a9db6
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.
The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*
The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.
The size of the ipkgs increase a bit (between 1.3% and 2.3%):
old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 8af79550e6)
67 lines
2.4 KiB
Diff
67 lines
2.4 KiB
Diff
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <j@w1.fi>
|
|
Date: Thu, 29 Aug 2019 11:52:04 +0300
|
|
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
|
|
address
|
|
|
|
Do not process any received Management frames with unexpected/invalid SA
|
|
so that we do not add any state for unexpected STA addresses or end up
|
|
sending out frames to unexpected destination. This prevents unexpected
|
|
sequences where an unprotected frame might end up causing the AP to send
|
|
out a response to another device and that other device processing the
|
|
unexpected response.
|
|
|
|
In particular, this prevents some potential denial of service cases
|
|
where the unexpected response frame from the AP might result in a
|
|
connected station dropping its association.
|
|
|
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
---
|
|
src/ap/drv_callbacks.c | 13 +++++++++++++
|
|
src/ap/ieee802_11.c | 12 ++++++++++++
|
|
2 files changed, 25 insertions(+)
|
|
|
|
--- a/src/ap/drv_callbacks.c
|
|
+++ b/src/ap/drv_callbacks.c
|
|
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_d
|
|
"hostapd_notif_assoc: Skip event with no address");
|
|
return -1;
|
|
}
|
|
+
|
|
+ if (is_multicast_ether_addr(addr) ||
|
|
+ is_zero_ether_addr(addr) ||
|
|
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
|
|
+ /* Do not process any frames with unexpected/invalid SA so that
|
|
+ * we do not add any state for unexpected STA addresses or end
|
|
+ * up sending out frames to unexpected destination. */
|
|
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
|
|
+ " in received indication - ignore this indication silently",
|
|
+ __func__, MAC2STR(addr));
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
random_add_randomness(addr, ETH_ALEN);
|
|
|
|
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
|
|
--- a/src/ap/ieee802_11.c
|
|
+++ b/src/ap/ieee802_11.c
|
|
@@ -4463,6 +4463,18 @@ int ieee802_11_mgmt(struct hostapd_data
|
|
fc = le_to_host16(mgmt->frame_control);
|
|
stype = WLAN_FC_GET_STYPE(fc);
|
|
|
|
+ if (is_multicast_ether_addr(mgmt->sa) ||
|
|
+ is_zero_ether_addr(mgmt->sa) ||
|
|
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
|
|
+ /* Do not process any frames with unexpected/invalid SA so that
|
|
+ * we do not add any state for unexpected STA addresses or end
|
|
+ * up sending out frames to unexpected destination. */
|
|
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
|
|
+ " in received frame - ignore this frame silently",
|
|
+ MAC2STR(mgmt->sa));
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
if (stype == WLAN_FC_STYPE_BEACON) {
|
|
handle_beacon(hapd, mgmt, len, fi);
|
|
return 1;
|