From 209dad066e5275ac13f52623cc9eaf9b70910123 Mon Sep 17 00:00:00 2001
From: Will Glynn
Date: Sat, 26 Nov 2016 02:39:12 +0000
Subject: [PATCH] FT: Explicitly check for MDE not present in non-FT association

IEEE Std 802.11-2012, 12.4.2 states that if an MDE is present in an (Re)Association Request frame but the RSNE uses a non-FT AKM suite, the AP shall reject the association using status code 43 ("Invalid AKMP"). wpa_validate_wpa_ie() now explicitly checks for this condition to meet this requirement instead of simply ignoring the MDE based on non-FT AKM.

Signed-off-by: Will Glynn
---
 src/ap/wpa_auth_ie.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 1df3009f3..c770d62a0 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -716,6 +716,10 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
 return WPA_INVALID_MDIE;
 }
+ } else if (mdie != NULL) {
+ wpa_printf(MSG_DEBUG,
+ "RSN: Trying to use non-FT AKM suite, but MDIE included");
+ return WPA_INVALID_AKMP;
 }
 #endif /* CONFIG_IEEE80211R_AP */
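Review bot: The added `else if (mdie != NULL)` branch has no comment saying why an MDE is fatal with a non-FT AKM; the rationale exists only in the commit message, so a comment such as `/* IEEE Std 802.11-2012, 12.4.2: reject MDE with a non-FT AKM (status code 43) */` would keep it beside the code. The branch sits before `#endif /* CONFIG_IEEE80211R_AP */`, so builds without that option presumably still ignore the MDE silently, and the same comment should say whether that is intended. The message is logged at `MSG_DEBUG` and does not name the station, so if the peer address is available in this function, including it would make rejected associations easier to trace. wpa_validate_wpa_ie() starts and ends outside this hunk, so the preceding `if` condition and the callers' mapping of `WPA_INVALID_AKMP` to status code 43 are not visible here and should be confirmed.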