aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2009-02-11 15:28:42 (GMT)
committerJouni Malinen <j@w1.fi>2009-02-15 13:10:00 (GMT)
commitf3ca8b2b5455caa4ddb854930b07da0d79b4ee03 (patch)
treebe03d108101b398d35acb452cba5490116305154 /src
parent777ac9643dd87e10e829adf2977a24d08e176490 (diff)
downloadhostap-06-f3ca8b2b5455caa4ddb854930b07da0d79b4ee03.zip
hostap-06-f3ca8b2b5455caa4ddb854930b07da0d79b4ee03.tar.gz
hostap-06-f3ca8b2b5455caa4ddb854930b07da0d79b4ee03.tar.bz2
EAP-AKA': Verify that AMF separation bit is set
(cherry picked from commit 35f30422ecfe1163b6a70c89e1b7b6637b77133f)
Diffstat (limited to 'src')
-rw-r--r--src/eap_peer/eap_aka.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index 4e08090..da3df0d 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -840,7 +840,13 @@ static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
#ifdef EAP_AKA_PRIME
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
/* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
- * needed 6-octet SQN ^AK for CK',IK' derivation */
+ * needed 6-octet SQN ^ AK for CK',IK' derivation */
+ u16 amf = WPA_GET_BE16(data->autn + 6);
+ if (!(amf & 0x8000)) {
+ wpa_printf(MSG_WARNING, "EAP-AKA': AMF separation bit "
+ "not set (AMF=0x%4x)", amf);
+ return eap_aka_authentication_reject(data, id);
+ }
eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
data->autn,
data->network_name,