Fixed WPA/RSN IE validation to verify the proto (WPA vs. WPA2) is enabled

Previous version could have allowed a broken client to complete WPA (or WPA2) authentication even if the selected proto was not enabled in hostapd configuration.
16 years ago · 2100a768bf
parent 8de4f2e9ba
commit 2100a768bf
3 changed files with 9 additions and 1 deletions
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@ -17,6 +17,8 @@ ChangeLog for hostapd
 	  (IEEE 802.11w)
 	* added new "driver wrapper" for RADIUS-only configuration
 	  (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config)
+	* fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2)
+	  is enabled in configuration

 2008-08-10 - v0.6.4
 	* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
--- a/hostapd/wpa.h
+++ b/hostapd/wpa.h
@ -216,7 +216,7 @@ enum {
 	WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
 	WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
 	WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER,
-	WPA_INVALID_MDIE
+	WPA_INVALID_MDIE, WPA_INVALID_PROTO
 };
 	
 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
--- a/hostapd/wpa_auth_ie.c
+++ b/hostapd/wpa_auth_ie.c
@ -470,6 +470,12 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 	else
 		version = WPA_PROTO_WPA;

+	if (!(wpa_auth->conf.wpa & version)) {
+		wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
+			   version, MAC2STR(sm->addr));
+		return WPA_INVALID_PROTO;
+	}
+
 	if (version == WPA_PROTO_RSN) {
 		res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);