URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f42616a6216454656b7b958955d336d7b304714f
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-1.12
Repository: wireshark
Commits:
f42616a by Alexander Wetzel (alexander.wetzel@xxxxxx):
WPA/WPA2 decoding fixes and improvements
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Change-Id: I5bf8ec442c262e92f2d09b706ec83bc78fec8fec
Ping-Bug: 9065
Reviewed-on: https://code.wireshark.org/review/12802
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from 3065829 airpdcap: add free_key_string function, fix memleaks
adds f42616a WPA/WPA2 decoding fixes and improvements
Summary of changes:
epan/crypt/airpdcap.c | 366 +++++++++++++++------------------
epan/crypt/airpdcap_system.h | 3 +-
epan/crypt/airpdcap_user.h | 11 +
epan/dissectors/packet-ieee80211.c | 89 +++-----
test/captures/wpa-test-decode.pcap.gz | Bin 0 -> 167294 bytes
test/config/80211_keys.tmpl | 1 +
test/suite-decryption.sh | 17 ++
7 files changed, 227 insertions(+), 260 deletions(-)
create mode 100644 test/captures/wpa-test-decode.pcap.gz