Home Verkennen Help
Inloggen
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

qcacld-3.0: Validate FILS ERP key lengths in connect request

If ERP key lengths are greater than maximum valid lengths,
currently the connect request is allowed to go through.
Allow fils connection to go through only if erp keys are
not sent in connect. If erp information is present, validate
the rrk, realm, username length.

Add changes to lookup pmkid based on bssid also in addition to
the existing logic to lookup based on fils cache_id and ssid.

Change-Id: Iebde1f382b7db13553b848a459cb4a783744c2a6
CRs-Fixed: 2732050
Pragaspathi Thilagaraj 4 jaren geleden
bovenliggende
d4bf5ac73b
commit
f16ee17015
4 gewijzigde bestanden met toevoegingen van 20 en 13 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 5 7
      core/hdd/src/wlan_hdd_cfg80211.c
  2. 6 1
      core/sme/src/csr/csr_api_roam.c
  3. 2 1
      core/sme/src/csr/csr_inside_api.h
  4. 7 4
      core/sme/src/csr/csr_util.c

+ 5 - 7
core/hdd/src/wlan_hdd_cfg80211.c
Bestand weergeven 

@@ -18698,23 +18698,21 @@ static bool wlan_hdd_fils_data_in_limits(struct cfg80211_connect_params *req)
 
 		  req->fils_erp_next_seq_num, req->auth_type,
 
 		  req->fils_erp_username_len, req->fils_erp_rrk_len,
 
 		  req->fils_erp_realm_len);
 
-	if (req->fils_erp_rrk_len || req->fils_erp_realm_len ||
 
-	    req->fils_erp_username_len ||
 
-	    req->fils_erp_rrk_len > FILS_MAX_RRK_LENGTH ||
 
+
 
+	if (req->fils_erp_rrk_len > FILS_MAX_RRK_LENGTH ||
 
 	    req->fils_erp_realm_len > FILS_MAX_REALM_LEN ||
 
 	    req->fils_erp_username_len > FILS_MAX_KEYNAME_NAI_LENGTH) {
 
 		hdd_err("length incorrect, user=%zu rrk=%zu realm=%zu",
 
 			req->fils_erp_username_len, req->fils_erp_rrk_len,
 
 			req->fils_erp_realm_len);
 
-		return true;
 
+		return false;
 
 	}
 
 
 	if (!req->fils_erp_rrk || !req->fils_erp_realm ||
 
-	    !req->fils_erp_username) {
 
-		hdd_err("buffer incorrect, user=%pK rrk=%pK realm=%pK",
 
+	    !req->fils_erp_username)
 
+		hdd_err("ERP info is NULL, user=%pK rrk=%pK realm=%pK",
 
 			req->fils_erp_username, req->fils_erp_rrk,
 
 			req->fils_erp_realm);
 
-	}
 
 
 	return true;
 
 }

+ 6 - 1
core/sme/src/csr/csr_api_roam.c
Bestand weergeven 

@@ -14422,6 +14422,7 @@ csr_validate_and_update_fils_info(struct mac_context *mac,
 
 				  uint8_t vdev_id)
 
 {
 
 	uint8_t cache_id[CACHE_ID_LEN] = {0};
 
+	struct qdf_mac_addr bssid;
 
 
 	if (!profile->fils_con_info)
 
 		return QDF_STATUS_SUCCESS;
 
@@ -14440,12 +14441,16 @@ csr_validate_and_update_fils_info(struct mac_context *mac,
 
 			  cache_id[0], cache_id[1]);
 
 	}
 
 
+	qdf_mem_copy(bssid.bytes,
 
+		     csr_join_req->bssDescription.bssId,
 
+		     QDF_MAC_ADDR_SIZE);
 
+
 
 	if ((!profile->fils_con_info->r_rk_length ||
 
 	     !profile->fils_con_info->key_nai_length) &&
 
 	    !bss_desc->fils_info_element.is_cache_id_present &&
 
 	    !csr_lookup_fils_pmkid(mac, vdev_id, cache_id,
 
 				   csr_join_req->ssId.ssId,
 
-				   csr_join_req->ssId.length))
 
+				   csr_join_req->ssId.length, &bssid))
 
 		return QDF_STATUS_E_FAILURE;
 
 
 	qdf_mem_copy(&csr_join_req->fils_con_info,

+ 2 - 1
core/sme/src/csr/csr_inside_api.h
Bestand weergeven 

@@ -1082,12 +1082,13 @@ bool csr_lookup_pmkid_using_bssid(struct mac_context *mac,
 
  * @cache_id:  FILS cache id
 
  * @ssid:      SSID pointer
 
  * @ssid_len:  SSID length
 
+ * @bssid:     Pointer to the BSSID to lookup
 
  *
 
  * Return: True if lookup is successful
 
  */
 
 bool csr_lookup_fils_pmkid(struct mac_context *mac, uint8_t vdev_id,
 
 			   uint8_t *cache_id, uint8_t *ssid,
 
-			   uint8_t ssid_len);
 
+			   uint8_t ssid_len, struct qdf_mac_addr *bssid);
 
 /**
 
  * csr_is_pmkid_found_for_peer() - check if pmkid sent by peer is present
 
 				   in PMK cache. Used in SAP mode.

+ 7 - 4
core/sme/src/csr/csr_util.c
Bestand weergeven 

@@ -2695,9 +2695,10 @@ bool csr_lookup_pmkid_using_bssid(struct mac_context *mac,
 
 
 bool csr_lookup_fils_pmkid(struct mac_context *mac,
 
 			   uint8_t vdev_id, uint8_t *cache_id,
 
-			   uint8_t *ssid, uint8_t ssid_len)
 
+			   uint8_t *ssid, uint8_t ssid_len,
 
+			   struct qdf_mac_addr *bssid)
 
 {
 
-	struct wlan_crypto_pmksa *pmksa;
 
+	struct wlan_crypto_pmksa *fils_ssid_pmksa, *bssid_lookup_pmksa;
 
 	struct wlan_objmgr_vdev *vdev;
 
 
 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac->psoc, vdev_id,
 
@@ -2707,8 +2708,10 @@ bool csr_lookup_fils_pmkid(struct mac_context *mac,
 
 		return false;
 
 	}
 
 
-	pmksa = wlan_crypto_get_fils_pmksa(vdev, cache_id, ssid, ssid_len);
 
-	if (!pmksa) {
 
+	bssid_lookup_pmksa = wlan_crypto_get_pmksa(vdev, bssid);
 
+	fils_ssid_pmksa =
 
+		wlan_crypto_get_fils_pmksa(vdev, cache_id, ssid, ssid_len);
 
+	if (!fils_ssid_pmksa && !bssid_lookup_pmksa) {
 
 		sme_err("FILS_PMKSA: Lookup failed");
 
 		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
 
 		return false;