aboutsummaryrefslogtreecommitdiffstats
path: root/src/ap/wpa_auth_ft.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-12-09 22:11:00 (GMT)
committerJouni Malinen <j@w1.fi>2015-12-09 22:14:35 (GMT)
commite44bd28cd1d9419d38561d6ce618481f0d3b5c16 (patch)
treed54ce8a46b134f95977a534702b28abd0a728963 /src/ap/wpa_auth_ft.c
parent59e78c2408e65db4b7b965320129ecf15561e884 (diff)
downloadhostap-e44bd28cd1d9419d38561d6ce618481f0d3b5c16.zip
hostap-e44bd28cd1d9419d38561d6ce618481f0d3b5c16.tar.gz
hostap-e44bd28cd1d9419d38561d6ce618481f0d3b5c16.tar.bz2
FT: Fix sm->assoc_resp_ftie storing on the AP side
The FTIE from (Re)Association Response frame was copied before calculating the MIC. This resulted in incorrect value being used when comparing the EAPOL-Key msg 2/4 value in case PTK rekeying was used after FT protocol run. Fix this by storing the element after the MIC field has been filled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/ap/wpa_auth_ft.c')
-rw-r--r--src/ap/wpa_auth_ft.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index eeaffbf..42242a5 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -720,11 +720,6 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
ftie_len = res;
pos += res;
- os_free(sm->assoc_resp_ftie);
- sm->assoc_resp_ftie = os_malloc(ftie_len);
- if (sm->assoc_resp_ftie)
- os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
-
_ftie = (struct rsn_ftie *) (ftie + 2);
if (auth_alg == WLAN_AUTH_FT)
_ftie->mic_control[1] = 3; /* Information element count */
@@ -750,6 +745,11 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
_ftie->mic) < 0)
wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
+ os_free(sm->assoc_resp_ftie);
+ sm->assoc_resp_ftie = os_malloc(ftie_len);
+ if (sm->assoc_resp_ftie)
+ os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
+
return pos;
}