diff options
| author | Will Glynn <will@willglynn.com> | 2016-11-26 02:39:12 (GMT) |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2016-11-26 09:39:44 (GMT) |
| commit | 209dad066e5275ac13f52623cc9eaf9b70910123 (patch) | |
| tree | b43a8f5d0995690e97333e77be97667e4b24dec2 | |
| parent | bacbb62294d344cf77547912a800678e0a69b55c (diff) | |
| download | hostap-209dad066e5275ac13f52623cc9eaf9b70910123.zip hostap-209dad066e5275ac13f52623cc9eaf9b70910123.tar.gz hostap-209dad066e5275ac13f52623cc9eaf9b70910123.tar.bz2 | |
FT: Explicitly check for MDE not present in non-FT association
IEEE Std 802.11-2012, 12.4.2 states that if an MDE is present in an
(Re)Association Request frame but the RSNE uses a non-FT AKM suite, the
AP shall reject the association using status code 43 ("Invalid AKMP").
wpa_validate_wpa_ie() now explicitly checks for this condition to meet
this requirement instead of simply ignoring the MDE based on non-FT AKM.
Signed-off-by: Will Glynn <will@willglynn.com>
| -rw-r--r-- | src/ap/wpa_auth_ie.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 1df3009..c770d62 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c @@ -716,6 +716,10 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN); return WPA_INVALID_MDIE; } + } else if (mdie != NULL) { + wpa_printf(MSG_DEBUG, + "RSN: Trying to use non-FT AKM suite, but MDIE included"); + return WPA_INVALID_AKMP; } #endif /* CONFIG_IEEE80211R_AP */ |