Fix memcmp() to return proper standard positive/negative
values for unequal comparisons. Similar to commit 3946aa9. The
current implementation is backwards (i.e. the functions are returning
negative when they should be positive and vice-versa).
Currently all other consumers of these functions only check the return value
for ==0 or !=0 and so we can safely change the implementation without
breaking things.
However, there is one call that checks the polarity of
`memcmp()`, and that is
[wpa_derive_ptk()](https://github.com/ipxe/ipxe/blob/8f1514a00450119b04b08642c55aa674bdf5a4ef/src/net/80211/wpa.c#L290-L305)
during the wireless WPA 4-way
handshake. Due to the incorrect memcmp polarity, the WPA handshake
creates an incorrect PTK, and the handshake would fail after step 2.
Undoubtedly, the AP noticed the supplicant failed the mic check. This
commit fixes that issue.
Signed-off-by: Michael Bazzinotti b...@bazz1.com
P.S. This wpa handshake bug is believed to have been longstanding for several
years, and based on my current understanding, it possibly dates back to the
release of the ipxe wpa feature itself. That makes no sense, but lets look
at what I have uncovered. It seems a user encountered the exact same issue in
[iPXE forums in 2016](https://forum.ipxe.org/showthread.php?tid=7943): a mic
check failure. I realize net booting wirelessly is not popular nor well
supported, and in that way bugs can live for a long time without being
addressed. HOWEVER!
`wpa_derive_ptk()` would never run successfully unless with a different
`memcmp()` function, due to the reversed polarity. How could a single person
have ever successfully joined a WPA network using ipxes `memcmp()`? I
assume the code was ran successfully in the past, right? In those cases, was
some other `memcmp()` somehow being used? For example, could the systems
native memcmp() accidently have been superceding ipxes?
In any case, it seems a properly built ipxe that uses its internal `memcmp`
could never generate a correct wpa ptk using `wpa_derive_ptk()` ? If you have
any additional information to explain why, please by all means. Or join me in a
state of wonder. Thanks
You can view, comment on, or merge this pull request online at:
https://github.com/ipxe/ipxe/pull/103
-- Commit Summary --
* [libc] Fix memcmp() to return proper values
* [wpa] fix erroneous dbg printout in wpa_derive_ptk
-- File Changes --
M src/core/string.c (2)
M src/net/80211/wpa.c (9)
-- Patch Links --
https://github.com/ipxe/ipxe/pull/103.patch
https://github.com/ipxe/ipxe/pull/103.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/103
___
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo/ipxe-devel
