From patchwork Mon Apr 29 11:51:53 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Benjamin Berg <benjamin@sipsolutions.net>
X-Patchwork-Id: 1928956
Return-Path: 
 <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=aqwWsHzc;
	dkim=fail reason="signature verification failed" (2048-bit key;
 secure) header.d=sipsolutions.net header.i=@sipsolutions.net
 header.a=rsa-sha256 header.s=mail header.b=ev/u7UwB;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
 receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4VShY65h3Gz1ymX
	for <incoming@patchwork.ozlabs.org>; Mon, 29 Apr 2024 21:53:14 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=yPbLjXkxegevB4WYe98hC5pWuTuR3UsvEYDh0DBSabA=; b=aqwWsHzcQQMxdx
	ihTZavtJj0yhsvZYOG85xjJa0Ru3rKBGiDN9Q7t51eakDrXCazPlJPn97hplIcMtzQMkzGKgT0V3q
	NfcMuqVFQezUm6LdtnETd0cYygRDOXHWCt9vAM5//U7eVQ7y4V0r9y5Aemyu62JA446QrN3fiM/Ub
	51T3DRSdCAbU6RZ8D2KWkfrzinvkdEmhQ9y4K9Jk9oL6yT+Sgco9oDI1ZlR2i9qvrrig6nXAab4Sa
	OrbhfbCzJIThlQs0Ai4A8FxJUuSJD7nUfAJxcGPh2quChMQQ5Ysndn02XPLWsynAvl9ljVtOczXlB
	ZRaJTAcs2gJeqnVYrdgg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
	id 1s1PZ0-00000002Xaf-0QPl;
	Mon, 29 Apr 2024 11:52:54 +0000
Received: from s3.sipsolutions.net ([2a01:4f8:242:246e::2]
 helo=sipsolutions.net)
	by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
	id 1s1PYR-00000002XCj-15vK
	for hostap@lists.infradead.org;
	Mon, 29 Apr 2024 11:52:20 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=sipsolutions.net; s=mail; h=Content-Transfer-Encoding:MIME-Version:
	References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Content-Type:Sender
	:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-To:
	Resent-Cc:Resent-Message-ID; bh=1XQQpYOnzSOuKpuDtmCNt5iljnAQLo1ftTFzG43x3k4=;
	t=1714391539; x=1715601139; b=ev/u7UwB1ux9VAozQQVRMlbUEUI376sfk5GAPJN7wgFDL3Z
	cVh2CacxKMGI33/8YaCYrtD3Ko/c3TX8XABfMnCEoGooz0pkpwRfyh1m72/soz9pH0omxHZ7p6oBm
	M6hV1hPPNQPGxWiUpUqUWyU0wz+F4rQ4k/7vlJqkTaCZlF5ktGNLvS1V/5IX5npacY1ZjCzS6qtI/
	oG8Jc21ye9SIl4JmJMmGt2oE5SmVVt6RsP0UDLajLorESq982/k5HqmzyDdC1K7/E5quph3ufM2A2
	goSRM12qthCQzK92dLQDv87TrK2iRRrQHNbRGJ7YpWqE6UboZS+XSFEkTGsirY2Q==;
Received: by sipsolutions.net with esmtpsa
 (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.97)
	(envelope-from <benjamin@sipsolutions.net>)
	id 1s1PYP-0000000CNIg-0seM;
	Mon, 29 Apr 2024 13:52:17 +0200
From: benjamin@sipsolutions.net
To: hostap@lists.infradead.org
Cc: Benjamin Berg <benjamin.berg@intel.com>
Subject: [PATCH 12/16] WNM: Reject requests with an invalid dialog token
Date: Mon, 29 Apr 2024 13:51:53 +0200
Message-ID: <20240429115157.211073-13-benjamin@sipsolutions.net>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240429115157.211073-1-benjamin@sipsolutions.net>
References: <20240429115157.211073-1-benjamin@sipsolutions.net>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240429_045219_422507_A72BBF73 
X-CRM114-Status: UNSURE (   8.64  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  From: Benjamin Berg <benjamin.berg@intel.com> The dialog
 token
    must be non-zero. We are using this fact internally to track the state in
    some cases,
 so ensure that the assumption is valid. Signed-off-by: Benjamin
    Berg <benjamin.berg@intel.com> --- wpa_supplicant/wnm_sta.c | 6 ++++++ 1
   file changed, 6 insertions(+)
 Content analysis details:   (-0.2 points, 5.0 required)
  pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's
                             domain
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
 signature
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
 <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
 <mailto:hostap-request@lists.infradead.org?subject=subscribe>
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

From: Benjamin Berg <benjamin.berg@intel.com>

The dialog token must be non-zero. We are using this fact internally to
track the state in some cases, so ensure that the assumption is valid.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
---
 wpa_supplicant/wnm_sta.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 4a3fd5eb1..f0cbf914c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -1347,6 +1347,12 @@ static void ieee802_11_rx_bss_trans_mgmt_req(struct wpa_supplicant *wpa_s,
 		   wpa_s->wnm_dialog_token, wpa_s->wnm_mode,
 		   wpa_s->wnm_dissoc_timer, valid_int);
 
+	if (!wpa_s->wnm_dialog_token) {
+		wpa_printf(MSG_DEBUG, "WNM: invalid dialog token");
+		wnm_btm_reset(wpa_s);
+		return;
+	}
+
 #if defined(CONFIG_MBO) && defined(CONFIG_TESTING_OPTIONS)
 	if (wpa_s->reject_btm_req_reason) {
 		wpa_printf(MSG_INFO,