OWE: Fix association rejection behavior

If association failed for any non-OWE specific reason, the previous
implementation tried to add the OWE related IEs into the (Re)Association
Response frame. This is not needed and could actually result in
dereferencing a NULL pointer. Fix this by adding those OWE related IEs
only for successful association and only if the RSN state machine has
been initialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-12-02 20:21:21 +02:00
parent bd51246924
commit 8fc6d88465
2 changed files with 8 additions and 3 deletions

View file

@ -2922,7 +2922,8 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
#endif /* CONFIG_IEEE80211R_AP */ #endif /* CONFIG_IEEE80211R_AP */
#ifdef CONFIG_OWE #ifdef CONFIG_OWE
if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE)) if (sta && status_code == WLAN_STATUS_SUCCESS &&
(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p, p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
buf + buflen - p, buf + buflen - p,
ies, ies_len); ies, ies_len);
@ -3069,7 +3070,7 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
#ifdef CONFIG_OWE #ifdef CONFIG_OWE
if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
sta && sta->owe_ecdh && sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS &&
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) { wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) {
struct wpabuf *pub; struct wpabuf *pub;

View file

@ -1068,7 +1068,11 @@ u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
const u8 *req_ies, size_t req_ies_len) const u8 *req_ies, size_t req_ies_len)
{ {
int res; int res;
struct wpa_auth_config *conf = &sm->wpa_auth->conf; struct wpa_auth_config *conf;
if (!sm)
return pos;
conf = &sm->wpa_auth->conf;
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
if (conf->own_ie_override_len) { if (conf->own_ie_override_len) {