ap: reflect status code in SAE reflection attack

Message ID 20200825154806.17257-1-thomas@adapt-ip.com
State Accepted

Commit Message

Thomas Pedersen Aug. 25, 2020, 3:48 p.m. UTC
When testing SAE reflection, the incoming commit may have
the H2E status code (0x7e), but the AP was always sending
back status code 0. The STA would then reject the commit
response due to expecting H2E status code.

Just reflect the incoming status code so the commit can be
rejected based on the SAE contents.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
---
 src/ap/ieee802_11.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Jouni Malinen Oct. 9, 2020, 2:14 p.m. UTC | #1
On Tue, Aug 25, 2020 at 08:48:06AM -0700, Thomas Pedersen wrote:
> When testing SAE reflection, the incoming commit may have
> the H2E status code (0x7e), but the AP was always sending
> back status code 0. The STA would then reject the commit
> response due to expecting H2E status code.
> 
> Just reflect the incoming status code so the commit can be
> rejected based on the SAE contents.

Thanks, applied.

Patch

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c98e77103106..f9b9f3f82b46 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1241,6 +1241,7 @@  static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 		wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
 		pos = mgmt->u.auth.variable;
 		end = ((const u8 *) mgmt) + len;
+		resp = status_code;
 		send_auth_reply(hapd, sta, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
 				auth_transaction, resp, pos, end - pos,
 				"auth-sae-reflection-attack");
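
Review bot: the added `resp = status_code;` ahead of send_auth_reply() has no comment explaining why the reply status is overridden, and the reason given in the commit message (an H2E commit carries status 0x7e and the STA rejects a response with status 0) cannot be recovered from the code itself. A one-line comment above the assignment would cover it, for example `/* Reflect the received status code (e.g., H2E) so the STA processes the reflected commit */`. Since the value is copied verbatim from the received frame, any status the peer sends is echoed back, not only 0 or 0x7e; that is reasonable for the branch logged as "SAE: TESTING - reflection attack", but it is worth confirming that the assignment cannot be reached outside that test path.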