From patchwork Thu Aug 23 13:52:32 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Otcheretianski,
 Andrei" <andrei.otcheretianski@intel.com>
X-Patchwork-Id: 961243
Return-Path: 
 <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=none (mailfrom)
	smtp.mailfrom=lists.infradead.org
	(client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
	envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=intel.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="JMDGHCMk";
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2607:7c80:54:e::133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41x0Fm4p5tz9s3C
	for <incoming@patchwork.ozlabs.org>;
	Thu, 23 Aug 2018 19:57:32 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date:
	Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
	References:List-Owner; bh=UCZevAjd+x/cRpxx0NpcH6h3+9ctuZwMGo2YGjAHVZc=;
	b=JMD
	GHCMkr1dNQNC41geWdJ+hdZfUgwyO/Sek3S974JfZzQEKckLsie++QKb0a/HN3BQ79rIBBz8PJJX8
	7x+75A/RCfJmf1ioUBtYTwfL72YZylY9zLCqL3/deoAwGysV+iGSsXq30i6qjd0XgncggkBDg7xGX
	W34cxiHwzr6rGi9MS3xWvoVxA9uVmmf42Vl0iQ26kM84WubUkfP1kwrFEYfEFBOBucUJAYbZx/8fe
	XOt6zbeoMzpMsEIDUaIY5qkw6YOqYV5z+vlWmuy6phgx9Wc5bBFe7j0Pz9bImCLGnGftNx1V7EexN
	5vVTZm8WUgSZqs4KJY875vsLZ9gVIfQ==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1fsmMe-0005DL-DK; Thu, 23 Aug 2018 09:57:16 +0000
Received: from mga03.intel.com ([134.134.136.65])
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1fsmMb-0005CE-CV
	for hostap@lists.infradead.org; Thu, 23 Aug 2018 09:57:14 +0000
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
	by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	23 Aug 2018 02:57:02 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,278,1531810800"; d="scan'208";a="227033657"
Received: from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com)
	([10.12.217.183])
	by orsmga004.jf.intel.com with ESMTP; 23 Aug 2018 02:57:01 -0700
From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
To: hostap@lists.infradead.org
Subject: [PATCH 1/2] SME: Fix order of WPA IE in association request
Date: Thu, 23 Aug 2018 16:52:32 +0300
Message-Id: <1535032353-323-1-git-send-email-andrei.otcheretianski@intel.com>
X-Mailer: git-send-email 2.7.4
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180823_025713_468893_9349314D 
X-CRM114-Status: GOOD (  15.26  )
X-Spam-Score: -2.6 (--)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
	Content analysis details:   (-2.6 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	2.4 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/,
	high trust [134.134.136.65 listed in list.dnswl.org]
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=subscribe>
Cc: Ilan Peer <ilan.peer@intel.com>
MIME-Version: 1.0
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

From: Ilan Peer <ilan.peer@intel.com>

In case that the protocol used for association is WPA the
WPA IE is inserted before other (non vendor specific) IE elements.
This is not in accordance to the specification that states that
vendor IEs should be placed after all the non vendor IEs are placed.
In addition, this would cause the low layers to fail to properly order
information elements.

To fix this, if the protocol used is WPA, store the WPA IE and reinsert
it after all the non vendor specific IEs were placed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
---
 wpa_supplicant/sme.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index d57195f..abe40c1 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -240,6 +240,8 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 	u8 ext_capab[18];
 	int ext_capab_len;
 	int skip_auth;
+	u8 *wpa_ie;
+	size_t wpa_ie_len;
 
 	if (bss == NULL) {
 		wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
@@ -388,6 +390,28 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 		wpa_s->sme.assoc_req_ie_len = 0;
 	}
 
+	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: wpa_proto=0x0%x", wpa_s->wpa_proto);
+
+	/* In case that the WPA vendor IE is used, it should be placed after all
+	 * the non-vendor IEs, as the lower layer expects the IEs to be ordered
+	 * as defined in the specification. Store the WPA IE so it can later be
+	 * inserted.
+	 */
+	wpa_ie = NULL;
+	wpa_ie_len = 0;
+	if (wpa_s->wpa_proto == WPA_PROTO_WPA) {
+		wpa_ie = os_memdup(wpa_s->sme.assoc_req_ie,
+				   wpa_s->sme.assoc_req_ie_len);
+		if (wpa_ie) {
+			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: storing WPA IE");
+
+			wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
+			wpa_s->sme.assoc_req_ie_len = 0;
+		} else {
+			wpa_dbg(wpa_s, MSG_WARNING, "WPA: failed copy WPA IE");
+		}
+	}
+
 #ifdef CONFIG_IEEE80211R
 	ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
 	if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
@@ -524,6 +548,26 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 	}
 #endif /* CONFIG_HS20 */
 
+	if (wpa_ie) {
+		size_t len;
+
+		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: reinsert WPA IE");
+
+		len = sizeof(wpa_s->sme.assoc_req_ie) -
+			wpa_s->sme.assoc_req_ie_len;
+
+		if (len > wpa_ie_len) {
+			os_memcpy(wpa_s->sme.assoc_req_ie +
+				  wpa_s->sme.assoc_req_ie_len,
+				  wpa_ie, wpa_ie_len);
+			wpa_s->sme.assoc_req_ie_len += wpa_ie_len;
+		} else {
+			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: failed to add WPA IE");
+		}
+
+		os_free(wpa_ie);
+	}
+
 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
 		size_t len;