From c88e01e1b69eeeb6d609f61a4352ef16cf41b3dd Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Sat, 7 Dec 2019 00:28:13 +0200
Subject: [PATCH] SAE H2E: Fix validation of rejected groups list

check_sae_rejected_groups() returns 1, not -1, in case an enabled group
is rejected. The previous check for < 0 could not have ever triggered.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
 src/ap/ieee802_11.c  | 2 +-
 wpa_supplicant/sme.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 6a638f090..c10ae12ee 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1280,7 +1280,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 
 		if (sta->sae->tmp &&
 		    check_sae_rejected_groups(
-			    hapd, sta->sae->tmp->peer_rejected_groups) < 0) {
+			    hapd, sta->sae->tmp->peer_rejected_groups)) {
 			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 			goto remove_sta;
 		}
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index cfb5bb33d..48fc8f245 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1263,7 +1263,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
 		if (wpa_s->sme.sae.tmp &&
 		    sme_check_sae_rejected_groups(
 			    wpa_s,
-			    wpa_s->sme.sae.tmp->peer_rejected_groups) < 0)
+			    wpa_s->sme.sae.tmp->peer_rejected_groups))
 			return -1;
 
 		if (sae_process_commit(&wpa_s->sme.sae) < 0) {