From a762ba8b1e7d25f81f1f913825d05b083af0204b Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 30 Aug 2019 15:22:42 +0300 Subject: [PATCH] HS 2.0 AP: Do not mandate PMF for HS 2.0 Indication in open OSU network Even though the station is not supposed to include Hotspot 2.0 Indication element in the Association Request frame when connecting to the open OSU BSS, some station devices seem to do so. With the strict PMF-required-with-Hotspot-2.0-R2 interpretation, such connection attempts were rejected. Relax this to only perform the PMF check if the local AP configuration has PMF enabled, i.e., for the production BSS. Signed-off-by: Jouni Malinen --- src/ap/ieee802_11.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index c85a28db4..dc3c61ff7 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -3243,7 +3243,8 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, elems.hs20_len - 4); release = ((elems.hs20[4] >> 4) & 0x0f) + 1; - if (release >= 2 && !wpa_auth_uses_mfp(sta->wpa_sm)) { + if (release >= 2 && !wpa_auth_uses_mfp(sta->wpa_sm) && + hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { wpa_printf(MSG_DEBUG, "HS 2.0: PMF not negotiated by release %d station " MACSTR, release, MAC2STR(sta->addr));