Message ID | 010001589e80343b-e60cfe20-5fd5-4b75-b6c7-aff7890dd769-000000@email.amazonses.com |
---|---|
State | Accepted |
Headers | show |
On Sat, Nov 26, 2016 at 02:39:12AM +0000, Will Glynn wrote: > IEEE 802.11-2012 section 12.4.2 states that if an MDE is present in an > association request but the RSNE uses a non-FT AKM suite, the access point > must reject the association using code 43 ("Invalid AKMP"). > > wpa_validate_wpa_ie() now checks for this condition. Thanks, applied.
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 1df3009..507c096 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c @@ -716,6 +716,13 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN); return WPA_INVALID_MDIE; } + } else { + /* non-FT key management; ensure we're not illegally attempting FT */ + if (mdie != NULL) { + wpa_printf(MSG_DEBUG, "RSN: Trying to use non-FT AKM suite, but " + "MDIE included"); + return WPA_INVALID_AKMP; + } } #endif /* CONFIG_IEEE80211R_AP */
IEEE 802.11-2012 section 12.4.2 states that if an MDE is present in an association request but the RSNE uses a non-FT AKM suite, the access point must reject the association using code 43 ("Invalid AKMP"). wpa_validate_wpa_ie() now checks for this condition. Signed-off-by: Will Glynn <will@willglynn.com> --- src/ap/wpa_auth_ie.c | 7 +++++++ 1 file changed, 7 insertions(+)