aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2018-12-08 11:57:51 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-08 12:06:58 (GMT)
commit3ce48c440e311c6c128aa3658b24ad1ef6384cf4 (patch)
treeb7df649848cd91cf0736d7eb27e59e4fe4f46288 /wpa_supplicant
parent842c29c173f3a80ac74e0fa3e57a134e9d301f06 (diff)
downloadhostap-3ce48c440e311c6c128aa3658b24ad1ef6384cf4.zip
hostap-3ce48c440e311c6c128aa3658b24ad1ef6384cf4.tar.gz
hostap-3ce48c440e311c6c128aa3658b24ad1ef6384cf4.tar.bz2
HS 2.0: Fix PMF-in-use check for ANQP Venue URL processing
The previous implementation did not check that we are associated with the sender of the GAS response before checking for PMF status. This could have accepted Venue URL when not in associated state. Fix this by explicitly checking for association with the responder first. This fixes an issue that was detected, e.g., with these hwsim test case sequences: gas_anqp_venue_url_pmf gas_anqp_venue_url gas_prot_vs_not_prot gas_anqp_venue_url Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/gas_query.c2
-rw-r--r--wpa_supplicant/gas_query.h1
-rw-r--r--wpa_supplicant/interworking.c2
3 files changed, 3 insertions, 2 deletions
diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
index f4f60c5..8e977a3 100644
--- a/wpa_supplicant/gas_query.c
+++ b/wpa_supplicant/gas_query.c
@@ -272,7 +272,7 @@ static void gas_query_tx_status(struct wpa_supplicant *wpa_s,
}
-static int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr)
+int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr)
{
if (wpa_s->current_ssid == NULL ||
wpa_s->wpa_state < WPA_4WAY_HANDSHAKE ||
diff --git a/wpa_supplicant/gas_query.h b/wpa_supplicant/gas_query.h
index 982c0f7..d2b4554 100644
--- a/wpa_supplicant/gas_query.h
+++ b/wpa_supplicant/gas_query.h
@@ -19,6 +19,7 @@ void gas_query_deinit(struct gas_query *gas);
int gas_query_rx(struct gas_query *gas, const u8 *da, const u8 *sa,
const u8 *bssid, u8 categ, const u8 *data, size_t len,
int freq);
+int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr);
/**
* enum gas_query_result - GAS query result
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 3987008..396fea6 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -2983,7 +2983,7 @@ static void interworking_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s,
MAC2STR(sa));
anqp_add_extra(wpa_s, anqp, info_id, pos, slen);
- if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
+ if (!pmf_in_use(wpa_s, sa)) {
wpa_printf(MSG_DEBUG,
"ANQP: Ignore Venue URL since PMF was not enabled");
break;