blob: 881077466521cd2e9e44bee902cb94a5259f34c4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From 54e0de1a9ee81477e9dfb93985c1fbf105b3d1d4 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Wed, 10 Oct 2018 23:22:23 +0200
Subject: SAE: Do not ignore option sae_require_mfp
Without this patch sae_require_mfp is always activate, when ieee80211w
is set to optional all stations negotiating SAEs are being rejected when
they do not support PMF. With this patch hostapd only rejects these
stations in case sae_require_mfp is set to some value and not null.
Fixes ba3d435fe43 ("SAE: Add option to require MFP for SAE associations")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
src/ap/wpa_auth_ie.c | 1 +
1 file changed, 1 insertion(+)
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -721,6 +721,7 @@ int wpa_validate_wpa_ie(struct wpa_authe
#ifdef CONFIG_SAE
if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
+ wpa_auth->conf.sae_require_mfp &&
wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
!(data.capabilities & WPA_CAPABILITY_MFPC)) {
wpa_printf(MSG_DEBUG,
|
