aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWill Glynn <will@willglynn.com>2016-11-26 02:39:12 (GMT)
committerJouni Malinen <j@w1.fi>2016-11-26 09:39:44 (GMT)
commit209dad066e5275ac13f52623cc9eaf9b70910123 (patch)
treeb43a8f5d0995690e97333e77be97667e4b24dec2
parentbacbb62294d344cf77547912a800678e0a69b55c (diff)
downloadhostap-209dad066e5275ac13f52623cc9eaf9b70910123.zip
hostap-209dad066e5275ac13f52623cc9eaf9b70910123.tar.gz
hostap-209dad066e5275ac13f52623cc9eaf9b70910123.tar.bz2
FT: Explicitly check for MDE not present in non-FT association
IEEE Std 802.11-2012, 12.4.2 states that if an MDE is present in an (Re)Association Request frame but the RSNE uses a non-FT AKM suite, the AP shall reject the association using status code 43 ("Invalid AKMP"). wpa_validate_wpa_ie() now explicitly checks for this condition to meet this requirement instead of simply ignoring the MDE based on non-FT AKM. Signed-off-by: Will Glynn <will@willglynn.com>
-rw-r--r--src/ap/wpa_auth_ie.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 1df3009..c770d62 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -716,6 +716,10 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
"MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
return WPA_INVALID_MDIE;
}
+ } else if (mdie != NULL) {
+ wpa_printf(MSG_DEBUG,
+ "RSN: Trying to use non-FT AKM suite, but MDIE included");
+ return WPA_INVALID_AKMP;
}
#endif /* CONFIG_IEEE80211R_AP */