From 93ba13bcfdb4f7aaf4019f76457055209a8a3c89 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 9 Nov 2019 00:33:58 +0200 Subject: [PATCH] Fix status code in SAE/DPP association PMKID mismatch (driver-AP-SME) wpa_validate_wpa_ie() was already extended to cover these cases with WPA_INVALID_PMKID return value, but hostapd_notif_assoc() did not have code for mapping this into the appropriate status code (STATUS_INVALID_PMKID) and ended up using the default (WLAN_STATUS_INVALID_IE) instead. This caused AP SME-in-driver cases returning incorrect status code when the AP did not have a matching PMKSA cache entry. This could result in unexpected station behavior where the station could continue trying to use a PMKSA cache entry that the AP does not have and not being able to recover this. Fix this by adding the previously missed mapping of validation errors to status/reason codes. Fixes: 567da5bbd027 ("DPP: Add new AKM") Fixes: 458d8984de1d ("SAE: Reject request with mismatching PMKID (no PMKSA cache entry)") Signed-off-by: Jouni Malinen --- src/ap/drv_callbacks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 3198bd563..e5ce76d11 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -344,6 +344,9 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, } else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) { reason = WLAN_REASON_CIPHER_SUITE_REJECTED; status = WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; + } else if (res == WPA_INVALID_PMKID) { + reason = WLAN_REASON_INVALID_PMKID; + status = WLAN_STATUS_INVALID_PMKID; } else { reason = WLAN_REASON_INVALID_IE; status = WLAN_STATUS_INVALID_IE;