jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix MFP-enabled test for disallowed TKIP

Browse source 
The test against use of TKIP was done only in MFP-required
(ieee80211w=2) configuration. Fix this to check the pairwise cipher for
MFP-enabled (ieee80211w=1) case as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-12-27 18:38:12 +02:00
parent 5c8df74f18
commit 02b38d0ad5
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/ap/wpa_auth_ie.c
View file

@ -711,12 +711,6 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
}
if (ciphers & WPA_CIPHER_TKIP) {
wpa_printf(MSG_DEBUG, "Management frame protection "
"cannot use TKIP");
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
}
if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
{
wpa_printf(MSG_DEBUG, "Unsupported management group "
@ -740,6 +734,12 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
sm->mgmt_frame_prot = 0;
else
sm->mgmt_frame_prot = 1;
if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
wpa_printf(MSG_DEBUG,
"Management frame protection cannot use TKIP");
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
}
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R_AP