IEEE 802.11-2012 section 12.4.2 states that if an MDE is present in an
association request but the RSNE uses a non-FT AKM suite, the access point
must reject the association using code 43 ("Invalid AKMP").
wpa_validate_wpa_ie() now checks for this condition.
Signed-off-by: Will Glynn <will@xxxxxxxxxxxxx>
---
src/ap/wpa_auth_ie.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 1df3009..507c096 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -716,6 +716,13 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
"MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
return WPA_INVALID_MDIE;
}
+ } else {
+ /* non-FT key management; ensure we're not illegally attempting FT */
+ if (mdie != NULL) {
+ wpa_printf(MSG_DEBUG, "RSN: Trying to use non-FT AKM suite, but "
+ "MDIE included");
+ return WPA_INVALID_AKMP;
+ }
}
#endif /* CONFIG_IEEE80211R_AP */
--
2.10.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
