Strip trailing zero data in EAPOL-Key msg 1/4 when no PMKID to send
EAPOL-Key message 1/4 without PMKID KDE was sent with 22 bytes of stray data following a zero length key data field. These 22 bytes happens to be the exact size of an PMKID KDE. Strip these trailing bytes by checking whether a PMKID is available and adjust pmkid_len to 0 if not. This was seen for example in capture files created by hwsim test case suite_b_192 but code modified to handle also the other cases without PMKID (Suite B no-KCK, FILS without PMKID available, SAE without PMKID available). Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
This commit is contained in:
Mikael Kanstrup
Jouni Malinen
parent
2c5ccfa607
commit
307cfc3286
1 changed files with 2 additions and 1 deletions
|
|
@ -2169,7 +2169,6 @@ SM_STATE(WPA_PTK, PTKSTART)
|
|||
wpa_printf(MSG_DEBUG,
|
||||
"FT: No PMKID in message 1/4 when using FT protocol");
|
||||
pmkid = NULL;
|
||||
pmkid_len = 0;
|
||||
#endif /* CONFIG_IEEE80211R_AP */
|
||||
#ifdef CONFIG_SAE
|
||||
} else if (wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
|
||||
|
|
@ -2199,6 +2198,8 @@ SM_STATE(WPA_PTK, PTKSTART)
|
|||
&pmkid[2 + RSN_SELECTOR_LEN], PMKID_LEN);
|
||||
}
|
||||
}
|
||||
if (!pmkid)
|
||||
pmkid_len = 0;
|
||||
wpa_send_eapol(sm->wpa_auth, sm,
|
||||
WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
|
||||
sm->ANonce, pmkid, pmkid_len, 0, 0);
|
||||
|
|
|
|||
Loading…
Reference in a new issue