From 5de2a19562fcc87e8a1b15719cc9f4a9fd3889df Mon Sep 17 00:00:00 2001 From: damien Date: Wed, 13 Aug 2008 17:38:02 +0000 Subject: [PATCH] do not increment is_rx_eapol_key twice for each frame. fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length. --- sys/net80211/ieee80211_pae_input.c | 40 +++++++++++++----------------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/sys/net80211/ieee80211_pae_input.c b/sys/net80211/ieee80211_pae_input.c index 3f841dfd78b..6866c0aaad8 100644 --- a/sys/net80211/ieee80211_pae_input.c +++ b/sys/net80211/ieee80211_pae_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_pae_input.c,v 1.10 2008/08/12 19:29:07 damien Exp $ */ +/* $OpenBSD: ieee80211_pae_input.c,v 1.11 2008/08/13 17:38:02 damien Exp $ */ /*- * Copyright (c) 2007,2008 Damien Bergamini @@ -97,8 +97,6 @@ ieee80211_eapol_key_input(struct ieee80211com *ic, struct mbuf *m0, ic->ic_stats.is_rx_nombuf++; goto done; } - - ic->ic_stats.is_rx_eapol_key++; key = mtod(m0, struct ieee80211_eapol_key *); if (key->type != EAPOL_KEY) @@ -112,7 +110,7 @@ ieee80211_eapol_key_input(struct ieee80211com *ic, struct mbuf *m0, goto done; /* check packet body length */ - if (m0->m_len < 4 + BE_READ_2(key->len)) + if (m0->m_pkthdr.len < 4 + BE_READ_2(key->len)) goto done; /* check key data length */ @@ -127,15 +125,15 @@ ieee80211_eapol_key_input(struct ieee80211com *ic, struct mbuf *m0, if (desc < EAPOL_KEY_DESC_V1 || desc > EAPOL_KEY_DESC_V3) goto done; - if ((ni->ni_rsnakms == IEEE80211_AKM_SHA256_8021X || - ni->ni_rsnakms == IEEE80211_AKM_SHA256_PSK) && - desc != EAPOL_KEY_DESC_V3) - goto done; - - if ((ni->ni_rsncipher == IEEE80211_CIPHER_CCMP || - ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP) && - desc != EAPOL_KEY_DESC_V2) - goto done; + if (ni->ni_rsnakms == IEEE80211_AKM_SHA256_8021X || + ni->ni_rsnakms == IEEE80211_AKM_SHA256_PSK) { + if (desc != EAPOL_KEY_DESC_V3) + goto done; + } else if (ni->ni_rsncipher == IEEE80211_CIPHER_CCMP || + ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP) { + if (desc != EAPOL_KEY_DESC_V2) + goto done; + } /* make sure the key data field is contiguous */ if (m0->m_len < totlen && (m0 = m_pullup2(m0, totlen)) == NULL) { @@ -511,11 +509,6 @@ ieee80211_recv_4way_msg3(struct ieee80211com *ic, if (gtk != NULL) { u_int8_t kid; - /* check that the GTK KDE is valid */ - if (gtk[1] < 4 + 2) { - reason = IEEE80211_REASON_AUTH_LEAVE; - goto deauth; - } /* check that key length matches that of group cipher */ keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); if (gtk[1] != 6 + keylen) { @@ -766,9 +759,9 @@ ieee80211_recv_rsn_group_msg1(struct ieee80211com *ic, } frm += 2 + frm[1]; } - /* check that the GTK KDE is present and valid */ - if (gtk == NULL || gtk[1] < 4 + 2) { - DPRINTF(("missing or invalid GTK KDE\n")); + /* check that the GTK KDE is present */ + if (gtk == NULL) { + DPRINTF(("GTK KDE missing\n")); return; } @@ -878,10 +871,9 @@ ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic, DPRINTF(("decryption failed\n")); return; } - info = BE_READ_2(key->info); - keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); /* check that key length matches that of group cipher */ + keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); if (BE_READ_2(key->keylen) != keylen) return; @@ -889,6 +881,8 @@ ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic, if (BE_READ_2(key->paylen) < keylen) return; + info = BE_READ_2(key->info); + /* map GTK to 802.11 key */ kid = (info >> EAPOL_KEY_WPA_KID_SHIFT) & 3; k = &ic->ic_nw_keys[kid]; -- 2.20.1