aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2009-05-27 06:52:24 (GMT)
committerJouni Malinen <j@w1.fi>2009-11-22 09:41:56 (GMT)
commite2dac5e98b6045154cc116925e505fa62b199c00 (patch)
tree13bbae98eea9674c4c575218b5cd1d3c70ff2f52
parent4b29392705da11b11198a02a4b1e5b64df34228a (diff)
downloadhostap-06-e2dac5e98b6045154cc116925e505fa62b199c00.zip
hostap-06-e2dac5e98b6045154cc116925e505fa62b199c00.tar.gz
hostap-06-e2dac5e98b6045154cc116925e505fa62b199c00.tar.bz2
hostapd: Require EAPOL-Key type to match with selected protocol
Previously, we would have allowed both the WPA and RSN EAPOL-Key types to be used regardless of whether the association is using WPA or RSN/WPA2. This shouldn't result in any significant problems on the Authenticator side, but anyway, we should check the type and ignore the EAPOL-Key frames that used unexpected type. (cherry picked from commit f8e96eb6fd960a017793942cff0eb43b09f444c6)
-rw-r--r--hostapd/wpa.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/hostapd/wpa.c b/hostapd/wpa.c
index ca08a02..bbfaa0c 100644
--- a/hostapd/wpa.c
+++ b/hostapd/wpa.c
@@ -619,6 +619,22 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
return;
}
+ if (sm->wpa == WPA_VERSION_WPA2) {
+ if (key->type != EAPOL_KEY_TYPE_RSN) {
+ wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
+ "unexpected type %d in RSN mode",
+ key->type);
+ return;
+ }
+ } else {
+ if (key->type != EAPOL_KEY_TYPE_WPA) {
+ wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
+ "unexpected type %d in WPA mode",
+ key->type);
+ return;
+ }
+ }
+
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
* are set */