aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorAndriy Tkachuk <andriy.v.tkachuk@globallogic.com>2009-11-11 15:33:55 (GMT)
committerJouni Malinen <j@w1.fi>2009-11-11 15:33:55 (GMT)
commit355d36a7bf5b14df80e3f73d71b9089008fd517b (patch)
treecf4e8b9ff6d71ada94d6d49cfec41e2131c2b432 /hostapd
parent3d3d3056458ba3df7b2ae4a3c6c2adae699eb46f (diff)
downloadhostap-355d36a7bf5b14df80e3f73d71b9089008fd517b.zip
hostap-355d36a7bf5b14df80e3f73d71b9089008fd517b.tar.gz
hostap-355d36a7bf5b14df80e3f73d71b9089008fd517b.tar.bz2
Disassociate STA if it associated with invalid/missing WPA/RSN IE
When using drivers that process management frames internally (e.g., madwifi, atheros, bsd), the driver may accept association with IEs that do not match the security policy. Instead of silently leaving the station associated, explicitly disassociate it to clear the driver entry immediately.
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/drv_callbacks.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/hostapd/drv_callbacks.c b/hostapd/drv_callbacks.c
index 6c940b5..c6480f3 100644
--- a/hostapd/drv_callbacks.c
+++ b/hostapd/drv_callbacks.c
@@ -284,9 +284,26 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
ie, ielen, NULL, 0);
if (res != WPA_IE_OK) {
+ int resp;
wpa_printf(MSG_DEBUG, "WPA/RSN information element "
"rejected? (res %u)", res);
wpa_hexdump(MSG_DEBUG, "IE", ie, ielen);
+ if (res == WPA_INVALID_GROUP)
+ resp = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
+ else if (res == WPA_INVALID_PAIRWISE)
+ resp = WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID;
+ else if (res == WPA_INVALID_AKMP)
+ resp = WLAN_REASON_AKMP_NOT_VALID;
+#ifdef CONFIG_IEEE80211W
+ else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
+ resp = WLAN_REASON_INVALID_IE;
+ else if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
+ resp = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
+#endif /* CONFIG_IEEE80211W */
+ else
+ resp = WLAN_REASON_INVALID_IE;
+ hostapd_sta_disassoc(hapd, sta->addr, resp);
+ ap_free_sta(hapd, sta);
return -1;
}
} else if (hapd->conf->wps_state) {