
[1/2] SME: Fix order of WPA IE in association request

Message ID 1535032353-323-1-git-send-email-andrei.otcheretianski@intel.com
State Accepted

Commit Message

Otcheretianski, Andrei Aug. 23, 2018, 1:52 p.m. UTC
From: Ilan Peer <ilan.peer@intel.com>

When the protocol used for association is WPA, the WPA IE is
inserted before other (non-vendor-specific) IEs.
This is not in accordance with the specification, which states that
vendor IEs should be placed after all the non-vendor IEs.
In addition, this would cause the lower layers to fail to properly order
information elements.

To fix this, if the protocol used is WPA, store the WPA IE and reinsert
it after all the non vendor specific IEs were placed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
---
 wpa_supplicant/sme.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

Comments

Jouni Malinen Oct. 20, 2018, 3:57 p.m. UTC | #1
Thanks, both applied.

Patch

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index d57195f..abe40c1 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -240,6 +240,8 @@  static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 	u8 ext_capab[18];
 	int ext_capab_len;
 	int skip_auth;
+	u8 *wpa_ie;
+	size_t wpa_ie_len;
 
 	if (bss == NULL) {
 		wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
@@ -388,6 +390,28 @@  static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 		wpa_s->sme.assoc_req_ie_len = 0;
 	}
 
+	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: wpa_proto=0x0%x", wpa_s->wpa_proto);
+
+	/* In case that the WPA vendor IE is used, it should be placed after all
+	 * the non-vendor IEs, as the lower layer expects the IEs to be ordered
+	 * as defined in the specification. Store the WPA IE so it can later be
+	 * inserted.
+	 */
+	wpa_ie = NULL;
+	wpa_ie_len = 0;
+	if (wpa_s->wpa_proto == WPA_PROTO_WPA) {
+		wpa_ie = os_memdup(wpa_s->sme.assoc_req_ie,
+				   wpa_s->sme.assoc_req_ie_len);
+		if (wpa_ie) {
+			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: storing WPA IE");
+
+			wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
+			wpa_s->sme.assoc_req_ie_len = 0;
+		} else {
+			wpa_dbg(wpa_s, MSG_WARNING, "WPA: failed copy WPA IE");
+		}
+	}
+
 #ifdef CONFIG_IEEE80211R
 	ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
 	if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
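Review bot: The store step copies the whole `assoc_req_ie` buffer on the strength of `wpa_proto == WPA_PROTO_WPA` alone; nothing in the hunk checks that the buffer is non-empty or that it holds only the WPA IE at this point. The line just above the hunk's additions sets `assoc_req_ie_len = 0` on one path, and if `wpa_proto` can still be WPA there, a zero-length `os_memdup()` may return NULL depending on the allocator and produce a misleading "failed copy WPA IE" warning. Guarding with `if (wpa_s->wpa_proto == WPA_PROTO_WPA && wpa_s->sme.assoc_req_ie_len > 0) {` makes the assumption explicit. The debug format `"WPA: wpa_proto=0x0%x"` also prints a stray zero; `0x%x` is probably what was meant. The code between this hunk and the reinsertion is not visible here, so any early return added there would need to free `wpa_ie`.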
@@ -524,6 +548,26 @@  static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 	}
 #endif /* CONFIG_HS20 */
 
+	if (wpa_ie) {
+		size_t len;
+
+		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: reinsert WPA IE");
+
+		len = sizeof(wpa_s->sme.assoc_req_ie) -
+			wpa_s->sme.assoc_req_ie_len;
+
+		if (len > wpa_ie_len) {
+			os_memcpy(wpa_s->sme.assoc_req_ie +
+				  wpa_s->sme.assoc_req_ie_len,
+				  wpa_ie, wpa_ie_len);
+			wpa_s->sme.assoc_req_ie_len += wpa_ie_len;
+		} else {
+			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: failed to add WPA IE");
+		}
+
+		os_free(wpa_ie);
+	}
+
 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
 		size_t len;
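Review bot: When the stored WPA IE no longer fits, the else branch only logs at MSG_DEBUG and the function carries on, so the association request is built without the WPA IE that was removed from the front of the buffer earlier. That failure deserves at least the same level as the store path, `wpa_dbg(wpa_s, MSG_WARNING, "WPA: failed to add WPA IE");`, and it is worth deciding whether authentication should proceed at all in that state; the rest of sme_send_authentication is outside the hunk, so this cannot be judged from here. The bound `len > wpa_ie_len` also rejects an exact fit, although `os_memcpy()` writes only `wpa_ie_len` bytes, so `if (len >= wpa_ie_len) {` is still in bounds. The subtraction `sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len` is unsigned and relies on the length never exceeding the buffer size, which presumably holds for the writers in between but is not checked here.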