path: root/src
diff options
authorJouni Malinen <jouni@codeaurora.org>2019-08-16 10:50:54 (GMT)
committerJouni Malinen <j@w1.fi>2019-08-16 10:55:26 (GMT)
commit528f263c4a4bc0255a429e502336534b0a52fe35 (patch)
tree43e3795a247a664554e0098f5080439c935637b1 /src
parentae05b6a215efbb89a4898cd361d75cf4f1cb1d37 (diff)
FT: Reject over-the-DS response with MFPC=0 if PMF is required
If FT over-the-DS case is enforced through the "FT_DS <BSSID>" control interface command, the PMF capability check during BSS selection is not used and that could have allowed PMF to be disabled in the over-the-DS case even if the local network profile mandated use of PMF. Check against this explicitly to avoid unexpected cases if the APs within the same mobility domain are not configured consistently. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src')
3 files changed, 10 insertions, 0 deletions
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 4c4b899..a756958 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -958,6 +958,7 @@ int wpa_ft_parse_ies(const u8 *ies, size_t ies_len,
"RSN IE: %d", ret);
return -1;
+ parse->rsn_capab = data.capabilities;
if (data.num_pmkid == 1 && data.pmkid)
parse->rsn_pmkid = data.pmkid;
parse->key_mgmt = data.key_mgmt;
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index e83d688..cb511ff 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -453,6 +453,7 @@ struct wpa_ft_ies {
size_t r0kh_id_len;
const u8 *rsn;
size_t rsn_len;
+ u16 rsn_capab;
const u8 *rsn_pmkid;
const u8 *tie;
size_t tie_len;
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 7e8b523..f698ff4 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -597,6 +597,14 @@ int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
return -1;
+#ifdef CONFIG_IEEE80211W
+ if (sm->mfp == 2 && !(parse.rsn_capab & WPA_CAPABILITY_MFPC)) {
+ wpa_printf(MSG_INFO,
+ "FT: Target AP does not support PMF, but local configuration requires that");
+ return -1;
+ }
+#endif /* CONFIG_IEEE80211W */
os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID", sm->r1kh_id, FT_R1KH_ID_LEN);
wpa_hexdump(MSG_DEBUG, "FT: SNonce", sm->snonce, WPA_NONCE_LEN);