path: root/wpa_supplicant/wpas_glue.c
diff options
authorMax Stepanov <Max.Stepanov@intel.com>2015-10-14 09:26:33 (GMT)
committerJouni Malinen <j@w1.fi>2015-11-01 19:00:22 (GMT)
commit73ed03f33323414ba02e50c15149bcb1c37d57e8 (patch)
tree861aaa8f5bbddd46b1bd588a6cf21bc2de64f984 /wpa_supplicant/wpas_glue.c
parentea6030c77f119056868e9b8df06f3200943c61ef (diff)
wpa_supplicant: Add GTK RSC relaxation workaround
Some APs may send RSC octets in EAPOL-Key message 3 of 4-Way Handshake or in EAPOL-Key message 1 of Group Key Handshake in the opposite byte order (or by some other corrupted way). Thus, after a successful EAPOL-Key exchange the TSC values of received multicast packets, such as DHCP, don't match the RSC one and as a result these packets are dropped on replay attack TSC verification. An example of such AP is Sapido RB-1732. Work around this by setting RSC octets to 0 on GTK installation if the AP RSC value is identified as a potentially having the byte order issue. This may open a short window during which older (but valid) group-addressed frames could be replayed. However, the local receive counter will be updated on the first received group-addressed frame and the workaround is enabled only if the common invalid cases are detected, so this workaround is acceptable as not decreasing security significantly. The wpa_rsc_relaxation global configuration property allows the GTK RSC workaround to be disabled if it's not needed. Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Diffstat (limited to 'wpa_supplicant/wpas_glue.c')
1 files changed, 1 insertions, 0 deletions
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 29c22ba..aaadb95 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1124,6 +1124,7 @@ void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
#endif /* CONFIG_P2P */
+ conf.wpa_rsc_relaxation = wpa_s->conf->wpa_rsc_relaxation;
wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL);