mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 21:22:37 +01:00
eapol: Drop unexpectedly unencrypted EAP frames
After the initial handshake, once the TK has been installed, all frames coming from the AP should be encrypted. However, it seems that some kernel/driver combinations allow unencrypted EAPoL frames to be received and forwarded to userspace. This can lead to a denial-of-service attack where receipt of an invalid, unencrypted EAP-Failure frame generated by an adversary results in iwd terminating an ongoing connection. Some drivers can report whether the EAPoL frame has been received unencrypted. Use this information to drop unencrypted EAP frames received after the initial handshake has been completed. Reported-by: Domien Schepers <schepers.d@northeastern.edu>
This commit is contained in:
parent
5b42cb6cda
commit
ccdea73df2
@ -2620,6 +2620,11 @@ static void eapol_rx_packet(uint16_t proto, const uint8_t *from,
|
|||||||
|
|
||||||
switch (frame->header.packet_type) {
|
switch (frame->header.packet_type) {
|
||||||
case 0: /* EAPOL-EAP */
|
case 0: /* EAPOL-EAP */
|
||||||
|
if (sm->handshake->ptk_complete && unencrypted) {
|
||||||
|
l_debug("Dropping unexpected unencrypted EAP frame");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
l_timeout_remove(sm->eapol_start_timeout);
|
l_timeout_remove(sm->eapol_start_timeout);
|
||||||
sm->eapol_start_timeout = 0;
|
sm->eapol_start_timeout = 0;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user