RSN: Verify RSNXE match between (Re)AssocReq and EAPOL-Key msg 2/4
If the STA advertises RSN Extension element, it has to be advertised consistently in the unprotected ((Re)Association Request) and protected (EAPOL-Key msg 2/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
9981d5bf31
commit
74866f5378
1 changed files with 16 additions and 0 deletions
|
|
@ -2937,6 +2937,22 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
WLAN_REASON_PREV_AUTH_NOT_VALID);
|
WLAN_REASON_PREV_AUTH_NOT_VALID);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if ((!sm->rsnxe && kde.rsnxe) ||
|
||||||
|
(sm->rsnxe && !kde.rsnxe) ||
|
||||||
|
(sm->rsnxe && kde.rsnxe &&
|
||||||
|
(sm->rsnxe_len != kde.rsnxe_len ||
|
||||||
|
os_memcmp(sm->rsnxe, kde.rsnxe, sm->rsnxe_len) != 0))) {
|
||||||
|
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
||||||
|
"RSNXE from (Re)AssocReq did not match the one in EAPOL-Key msg 2/4");
|
||||||
|
wpa_hexdump(MSG_DEBUG, "RSNXE in AssocReq",
|
||||||
|
sm->rsnxe, sm->rsnxe_len);
|
||||||
|
wpa_hexdump(MSG_DEBUG, "RSNXE in EAPOL-Key msg 2/4",
|
||||||
|
kde.rsnxe, kde.rsnxe_len);
|
||||||
|
/* MLME-DEAUTHENTICATE.request */
|
||||||
|
wpa_sta_disconnect(wpa_auth, sm->addr,
|
||||||
|
WLAN_REASON_PREV_AUTH_NOT_VALID);
|
||||||
|
return;
|
||||||
|
}
|
||||||
#ifdef CONFIG_OCV
|
#ifdef CONFIG_OCV
|
||||||
if (wpa_auth_uses_ocv(sm)) {
|
if (wpa_auth_uses_ocv(sm)) {
|
||||||
struct wpa_channel_info ci;
|
struct wpa_channel_info ci;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue