On Wed, Dec 16, 2020 at 01:01:39PM +0200, Ilan Peer wrote: > diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c > @@ -603,11 +603,19 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, > + if (sm->force_kdk_derivation || > + (sm->secure_ltf && sm->ap_rsnxe && sm->ap_rsnxe_len >= 4 && > + sm->ap_rsnxe[3] & WLAN_RSNX_CAPAB_SECURE_LTF)) There were number of issues like this one where WLAN_RSNX_CAPAB_SECURE_LTF is assumed to be the specific bit instead of bit index.. I fixed these and ended up using full capability offset from the beginning rather than start from zero for the second octet to make this look a bit more readable. I also changed the RSNXE generation functions to build a local u16 capab first to make that easier to read and extend. It would likely make sense to add a helper function for checking whether a specific extended capability bit is set (similarly to ieee802_11_ext_capab()) to clean up these parsing cases a bit more. All four patches applied with some cleanup and fixes. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
