From: Ilan Peer <ilan.peer@xxxxxxxxx> In cases of SAE failure, the mgmt->sa was used for sending the authentication frame. Fix the code to use the station address (which is the MLD address in cases of AP MLD). Signed-off-by: Ilan Peer <ilan.peer@xxxxxxxxx> --- src/ap/ieee802_11.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index a65287d77e..faaf0549af 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -1278,7 +1278,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, pos = mgmt->u.auth.variable; end = ((const u8 *) mgmt) + len; resp = status_code; - send_auth_reply(hapd, sta, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, + send_auth_reply(hapd, sta, sta->addr, mgmt->bssid, + WLAN_AUTH_SAE, auth_transaction, resp, pos, end - pos, "auth-sae-reflection-attack"); goto remove_sta; @@ -1286,7 +1287,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, if (hapd->conf->sae_commit_override && auth_transaction == 1) { wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override"); - send_auth_reply(hapd, sta, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, + send_auth_reply(hapd, sta, sta->addr, mgmt->bssid, + WLAN_AUTH_SAE, auth_transaction, resp, wpabuf_head(hapd->conf->sae_commit_override), wpabuf_len(hapd->conf->sae_commit_override), @@ -1557,7 +1559,8 @@ reply: data = wpabuf_alloc_copy(pos, 2); sae_sme_send_external_auth_status(hapd, sta, resp); - send_auth_reply(hapd, sta, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, + send_auth_reply(hapd, sta, sta->addr, mgmt->bssid, + WLAN_AUTH_SAE, auth_transaction, resp, data ? wpabuf_head(data) : (u8 *) "", data ? wpabuf_len(data) : 0, "auth-sae"); -- 2.43.0 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap