summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5025580)
raw | patch | inline | side by side (parent: 5025580)
author | Eyal Shapira <eyal@wizery.com> | |
Wed, 8 Feb 2012 14:51:01 +0000 (16:51 +0200) | ||
committer | Eyal Shapira <eyal@wizery.com> | |
Thu, 15 Mar 2012 14:35:58 +0000 (16:35 +0200) |
Additional assoc_reqs received after an initial assoc_req (due to a timeout
in the STA) was already being handled caused the handle_assoc flow to
run again and in the process delete the station added to the driver
(in add_pre_assoc_sta). A race would occur where assoc_resp
was already sent to the STA (as part of the handling of the initial
assoc_req) and it sent a null data packet which arrived
while the station was deleted. This caused the packet to be classified
as a class 3 frame coming from an unknown STA and a deauth
would occur. Fix this by discarding additional assoc_req between
receiving the 1st assoc_req and getting a tx callback for the assoc_resp.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
in the STA) was already being handled caused the handle_assoc flow to
run again and in the process delete the station added to the driver
(in add_pre_assoc_sta). A race would occur where assoc_resp
was already sent to the STA (as part of the handling of the initial
assoc_req) and it sent a null data packet which arrived
while the station was deleted. This caused the packet to be classified
as a class 3 frame coming from an unknown STA and a deauth
would occur. Fix this by discarding additional assoc_req between
receiving the 1st assoc_req and getting a tx callback for the assoc_resp.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
src/ap/ieee802_11.c | patch | blob | history |
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 92c34fa562c1ff2cfc683f8dfd059b2fba866bfd..6c3ed6d89829235e839900f8ee54e212aef2f26e 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
return;
}
+ if ((sta->flags & WLAN_STA_ASSOC_REQ_OK) &&
+ !(sta->flags & WLAN_STA_ASSOC)) {
+ hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_INFO, "Station sent another "
+ "assoc req before assoc resp. Discarding");
+ return;
+ }
+
if (hapd->tkip_countermeasures) {
resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
goto fail;
"did not acknowledge association response");
if (status == WLAN_STATUS_SUCCESS)
hostapd_drv_sta_remove(hapd, sta->addr);
+ sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
return;
}