
Strip trailing zero data in EAPOL KEY msg 1/4 when no pmkid to send

Message ID 20191119095105.32569-1-mikael.kanstrup@sony.com
State Accepted
Series Strip trailing zero data in EAPOL KEY msg 1/4 when no pmkid to send

Commit Message

Mikael Kanstrup Nov. 19, 2019, 9:51 a.m. UTC
EAPOL key message 1/4 without PMKID IE is sent with 22 bytes of stray
data following a zero length key data field. These 22 bytes happen
to be the exact size of a PMKID IE. Strip trailing bytes by checking
whether a pmkid is available and adjust pmkid_len to 0 if not.

This was seen for example in capture files created by hwsim test case
test_suite_b_192 but code modified to handle also the other cases
without pmkid.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
---
 src/ap/wpa_auth.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Jouni Malinen Dec. 23, 2019, 9:59 a.m. UTC | #1
On Tue, Nov 19, 2019 at 10:51:05AM +0100, Mikael Kanstrup wrote:
> EAPOL key message 1/4 without PMKID IE is sent with 22 bytes of stray
> data following a zero length key data field. These 22 bytes happen
> to be the exact size of a PMKID IE. Strip trailing bytes by checking
> whether a pmkid is available and adjust pmkid_len to 0 if not.
> 
> This was seen for example in capture files created by hwsim test case
> test_suite_b_192 but code modified to handle also the other cases
> without pmkid.

Thanks, applied.

Patch

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 7b690d730..cd515086a 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2169,7 +2169,6 @@  SM_STATE(WPA_PTK, PTKSTART)
 			wpa_printf(MSG_DEBUG,
 				   "FT: No PMKID in message 1/4 when using FT protocol");
 			pmkid = NULL;
-			pmkid_len = 0;
 #endif /* CONFIG_IEEE80211R_AP */
 #ifdef CONFIG_SAE
 		} else if (wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
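Review bot: dropping `pmkid_len = 0;` from the FT branch means this branch no longer clears the length itself and depends on the common `if (pmkid == NULL)` reset added later in the same function, just before wpa_send_eapol(). That is correct as the patch stands, but the FT branch now reads as if it deliberately leaves a non-zero length behind; a one-line comment here (for example `/* pmkid_len is reset below when pmkid is NULL */`) would keep a future edit of this block from reintroducing the 22 stray bytes in the FT case.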
@@ -2199,6 +2198,9 @@  SM_STATE(WPA_PTK, PTKSTART)
 				    &pmkid[2 + RSN_SELECTOR_LEN], PMKID_LEN);
 		}
 	}
+	if (pmkid == NULL) {
+		pmkid_len = 0;
+	}
 	wpa_send_eapol(sm->wpa_auth, sm,
 		       WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
 		       sm->ANonce, pmkid, pmkid_len, 0, 0);
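Review bot: the new `if (pmkid == NULL) { pmkid_len = 0; }` uses braces around a single statement, which the surrounding hostapd code omits; writing it as `if (pmkid == NULL)` followed by `pmkid_len = 0;` on the next line matches the file's style. Normalising the length at this single point, right before wpa_send_eapol(), is the right fix: it covers every branch that leaves `pmkid` NULL instead of patching each one, so message 1/4 goes out with a genuinely zero-length key data field and no trailing zero bytes for a receiver to misparse as a PMKID KDE. Since the commit message says the stray bytes were spotted in hwsim captures from test_suite_b_192, a check in that test that the 1/4 frame carries no key data when no PMKID is sent would guard against regressions.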