From 940491ce08bde0a03f70c185e93c5791b8c3a575 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Mon, 22 Feb 2016 16:46:29 +0200
Subject: [PATCH] MBO: Mandate use of PMF for WPA2+MBO association (STA)

If WPA2 is used, MBO AP must enable PMF. Refuse to select a BSS that has
MBO and WPA2 enabled without PMF.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 wpa_supplicant/events.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 3c3b55932..318aad7a1 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -574,6 +574,16 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
 				"   skip RSN IE - no mgmt frame protection enabled but AP requires it");
 			break;
 		}
+#ifdef CONFIG_MBO
+		if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
+		    wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND) &&
+		    wpas_get_ssid_pmf(wpa_s, ssid) !=
+		    NO_MGMT_FRAME_PROTECTION) {
+			wpa_dbg(wpa_s, MSG_DEBUG,
+				"   skip RSN IE - no mgmt frame protection enabled on MBO AP");
+			break;
+		}
+#endif /* CONFIG_MBO */
 
 		wpa_dbg(wpa_s, MSG_DEBUG, "   selected based on RSN IE");
 		return 1;