From a28d127b1a994a8d25e51c69686d8db9e9fcdf62 Mon Sep 17 00:00:00 2001 From: Thomas Pedersen Date: Tue, 25 Aug 2020 08:48:06 -0700 Subject: [PATCH] AP: Reflect status code in SAE reflection attack test When testing SAE reflection, the incoming commit may have the H2E status code (126) or SAE-PK (127), but the test code in the AP was always sending back status code 0. The STA would then reject the commit response due to expecting H2E/SAE-PK status code. Just reflect the incoming status code so the commit can be rejected based on the SAE contents regardless of which variant of SAE was used. Signed-off-by: Thomas Pedersen --- src/ap/ieee802_11.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index a1a27f102..292393224 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -1241,6 +1241,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack"); pos = mgmt->u.auth.variable; end = ((const u8 *) mgmt) + len; + resp = status_code; send_auth_reply(hapd, sta, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, auth_transaction, resp, pos, end - pos, "auth-sae-reflection-attack");