aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/mesh_mpm.c
diff options
context:
space:
mode:
authorBob Copeland <me@bobcopeland.com>2015-12-27 02:20:52 (GMT)
committerJouni Malinen <j@w1.fi>2015-12-28 15:21:08 (GMT)
commitb2817cd5c2ee87d2b4812155bee82d74d331b5aa (patch)
tree23fce798654e837f3f3df53819a087f43b5cd4b1 /wpa_supplicant/mesh_mpm.c
parent6c33eed3ee7fd6bd9c561295e001a6b63adbb88d (diff)
downloadhostap-b2817cd5c2ee87d2b4812155bee82d74d331b5aa.zip
hostap-b2817cd5c2ee87d2b4812155bee82d74d331b5aa.tar.gz
hostap-b2817cd5c2ee87d2b4812155bee82d74d331b5aa.tar.bz2
mesh: Check PMKID in AMPE Action frames
From IEEE Std 802.11-2012 13.3.5: If the incoming Mesh Peering Management frame is for AMPE and the Chosen PMK from the received frame contains a PMKID that does not identify a valid mesh PMKSA, the frame shall be silently discarded. We were not checking the PMKID previously, and we also weren't parsing it correctly, so fix both. Signed-off-by: Bob Copeland <me@bobcopeland.com>
Diffstat (limited to 'wpa_supplicant/mesh_mpm.c')
-rw-r--r--wpa_supplicant/mesh_mpm.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
index 7ebd4d2..3259151 100644
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -74,8 +74,8 @@ static int mesh_mpm_parse_peer_mgmt(struct wpa_supplicant *wpa_s,
/* remove optional PMK at end */
if (len >= 16) {
- len -= 16;
mpm_ie->pmk = ie + len - 16;
+ len -= 16;
}
if ((action_field == PLINK_OPEN && len != 4) ||
@@ -1014,6 +1014,7 @@ void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s,
if ((mconf->security & MESH_CONF_SEC_AMPE) &&
mesh_rsn_process_ampe(wpa_s, sta, &elems,
&mgmt->u.action.category,
+ peer_mgmt_ie.pmk,
ies, ie_len)) {
wpa_printf(MSG_DEBUG, "MPM: RSN process rejected frame");
return;