#12757 NORM Future : XO-1 wireless scan results truncated by nearby mesh nodes
Zarro Boogs per Child
bugtracker at laptop.org
Tue Feb 11 00:20:06 EST 2014
#12757: XO-1 wireless scan results truncated by nearby mesh nodes
------------------------------+---------------------------------------------
Reporter: Quozl | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Future Release
Component: kernel | Version: Software Build 13.2.0-13
Resolution: | Keywords:
Next_action: review | Verified: 0
Deployment_affected: | Blockedby:
Blocking: |
------------------------------+---------------------------------------------
Changes (by Quozl):
* next_action: diagnose => review
Comment:
A test was run with LBS_DEB_SCAN enabled, with two TP-Link WR703N access
points. Two nearby XO-1s were configured with mesh active.
Scans were run repeatedly until a truncated scan result set was detected;
without the first access point.
http://dev.laptop.org/~quozl/z/1WCi7J.txt
LBS_DEB_HEX was enabled, and another truncated scan result set captured;
again without the first access point.
http://dev.laptop.org/~quozl/z/1WCiFF.txt
{{{
scan response: invalid IE fmt
}}}
When the scan results contained a probe response from a laptop that has
mesh enabled, the SSID IE is zero length, and this caused further
processing of the scan results to stop, even though there were valid
results from access points in the buffer ''after'' the mesh probe
response.
This is a bug in the driver, and has been present from day zero.
It is a denial of service security vulnerability, because it makes it
possible to hide an AP from the laptop by transmitting a probe response
with a zero length SSID IE.
Fixed in http://dev.laptop.org/git/olpc-
kernel/commit/?h=x86-3.3&id=e98f01abce522fb70a3852b23b62205244ef69b8
--
Ticket URL: <http://dev.laptop.org/ticket/12757#comment:3>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list