aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPo-Lun Lai <llai@qca.qualcomm.com>2013-10-23 10:16:31 (GMT)
committerJouni Malinen <j@w1.fi>2013-10-23 14:47:40 (GMT)
commit47d986e6ffed45a4e2506646a5dbee2c0e1c6209 (patch)
treea71c4fdcb50f3b22af5c57764e644e3c0ab550ae
parentd2592497624d7dff53e71cc01fc2d5db1e59733e (diff)
downloadhostap-47d986e6ffed45a4e2506646a5dbee2c0e1c6209.zip
hostap-47d986e6ffed45a4e2506646a5dbee2c0e1c6209.tar.gz
hostap-47d986e6ffed45a4e2506646a5dbee2c0e1c6209.tar.bz2
P2P: Check Action frame payload match before accepted TX status
It is possible for there to be two pending off-channel TX frames, e.g., when two devices initiate GO Negotiation at more or less the same time. This could result in the TX status report for the first frame clearing wpa_s->pending_action_tx that included the newer frame that has not yet been transmitted (i.e., is waiting to be sent out). Avoid losing that frame by confirming that the TX status payload matches the pending frame before clearing the pending frame and reporting the TX status callback. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--wpa_supplicant/offchannel.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/wpa_supplicant/offchannel.c b/wpa_supplicant/offchannel.c
index d94407c..40cbea1 100644
--- a/wpa_supplicant/offchannel.c
+++ b/wpa_supplicant/offchannel.c
@@ -159,6 +159,21 @@ void offchannel_send_action_tx_status(
return;
}
+ /* Accept report only if the contents of the frame matches */
+ if (data_len - wpabuf_len(wpa_s->pending_action_tx) != 24 ||
+ os_memcmp(data + 24, wpabuf_head(wpa_s->pending_action_tx),
+ wpabuf_len(wpa_s->pending_action_tx)) != 0) {
+ wpa_printf(MSG_DEBUG, "Off-channel: Ignore Action TX status - "
+ "mismatching contents with pending frame");
+ wpa_hexdump(MSG_MSGDUMP, "TX status frame data",
+ data, data_len);
+ wpa_hexdump_buf(MSG_MSGDUMP, "Pending TX frame",
+ wpa_s->pending_action_tx);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "Off-channel: Delete matching pending action frame");
+
wpabuf_free(wpa_s->pending_action_tx);
wpa_s->pending_action_tx = NULL;