From 458d8984de1d171b4d115c79e8c887283a7b231a Mon Sep 17 00:00:00 2001
From: Ashok Ponnaiah
Date: Wed, 7 Feb 2018 12:16:20 +0200
Subject: [PATCH] SAE: Reject request with mismatching PMKID (no PMKSA cache entry)

Reject SAE association request when PMKID is included in the RSNE, but the corresponding PMKSA is not available in the AP.

Signed-off-by: Ashok Ponnaiah
---
 src/ap/wpa_auth_ie.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index c394293e8..b80c19c2f 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -827,6 +827,15 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
 }
 
+#ifdef CONFIG_SAE
+ if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
+ !sm->pmksa) {
+ wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
+ "No PMKSA cache entry found for SAE");
+ return WPA_INVALID_PMKID;
+ }
+#endif /* CONFIG_SAE */
+
 #ifdef CONFIG_DPP
 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) {
 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
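Review bot: The added `CONFIG_SAE` guard compares `sm->wpa_key_mgmt` against `WPA_KEY_MGMT_SAE` only, so a request that negotiated FT-SAE and carries a PMKID with no matching cache entry is not rejected by this branch. If that exclusion is deliberate, it should be stated above the `if`, for example `/* Only plain SAE is checked here; FT-SAE requests are not covered by this rejection */`. A second short comment should explain why this test is conditional on `data.num_pmkid` while the DPP test right below rejects on `!sm->pmksa` alone; presumably an SAE station may associate without presenting a PMKID, but the hunk does not show that. The rejection is logged at `LOGGER_DEBUG`, the same level as the DPP branch, which may keep refused PMKID attempts out of the logs an operator normally collects. `wpa_validate_wpa_ie` starts and ends outside the hunk, so whether the PMKID lookup above always sets `sm->pmksa` on a match cannot be confirmed from here.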