aboutsummaryrefslogtreecommitdiffstats
path: root/src/ap/wpa_auth_ft.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2010-04-09 14:08:16 (GMT)
committerJouni Malinen <j@w1.fi>2010-04-09 14:08:16 (GMT)
commit8aaf894de2bc121a6feb38ddd301b489ce7c636b (patch)
tree6d415bbfd3eecc44b406b4ac85545e57e605d832 /src/ap/wpa_auth_ft.c
parent148fb67d5e2a7c64437cccad86a2acbca7b64ba7 (diff)
downloadhostap-8aaf894de2bc121a6feb38ddd301b489ce7c636b.zip
hostap-8aaf894de2bc121a6feb38ddd301b489ce7c636b.tar.gz
hostap-8aaf894de2bc121a6feb38ddd301b489ce7c636b.tar.bz2
FT: Validate protect IE count in FTIE MIC Control
Diffstat (limited to 'src/ap/wpa_auth_ft.c')
-rw-r--r--src/ap/wpa_auth_ft.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index bb28163..0c07d20 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -1094,6 +1094,7 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
struct rsn_mdie *mdie;
struct rsn_ftie *ftie;
u8 mic[16];
+ unsigned int count;
if (sm == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
@@ -1137,6 +1138,16 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
return WLAN_STATUS_INVALID_FTIE;
}
+ count = 3;
+ if (parse.ric)
+ count++;
+ if (ftie->mic_control[1] != count) {
+ wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
+ "Control: received %u expected %u",
+ ftie->mic_control[1], count);
+ return -1;
+ }
+
if (wpa_ft_mic(sm->PTK.kck, sm->addr, sm->wpa_auth->addr, 5,
parse.mdie - 2, parse.mdie_len + 2,
parse.ftie - 2, parse.ftie_len + 2,