From ca1cecc54d7c43b29b0c3adb63e21b2381620bea Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 8 Feb 2020 03:36:13 +0200
Subject: [PATCH] SAE: Verify that appropriate Status Code is used in SAE commit (SME)

Previous version accepted both 0 and 126 values in SAE commit message from the AP. Explicitly check that the value the AP uses matches what the STA started with to avoid unexpected cases.

Signed-off-by: Jouni Malinen
---
 wpa_supplicant/sme.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index eafff1d6a..64b22c451 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1291,6 +1291,19 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
 "SAE: Ignore commit message while waiting for confirm");
 return 0;
 }
+ if (wpa_s->sme.sae.tmp && wpa_s->sme.sae.tmp->h2e &&
+ status_code == WLAN_STATUS_SUCCESS) {
+ wpa_printf(MSG_DEBUG,
+ "SAE: Unexpected use of status code 0 in SAE commit when H2E was expected");
+ return -1;
+ }
+ if (wpa_s->sme.sae.tmp && !wpa_s->sme.sae.tmp->h2e &&
+ status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
+ wpa_printf(MSG_DEBUG,
+ "SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected");
+ return -1;
+ }
+
 if (groups && groups[0] <= 0)
 groups = NULL;
 res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
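Review bot: Both added checks in sme_sae_auth() are gated on `wpa_s->sme.sae.tmp` being non-NULL, so when that temporary state is absent the status code is not compared with anything and the commit goes on to sae_parse_commit() as before. Whether tmp can be NULL at this point is not visible from the hunk; if it can, that path should be rejected explicitly or carry a comment saying why skipping the comparison is safe there. The two blocks would also read better with a one-line comment stating the invariant, for example `/* AP must use the same PWE derivation method (H2E or not) as our SAE commit */`. Both rejections are logged only at MSG_DEBUG, so a deployment running at the default log level would not see that an AP answered with the wrong method; a higher level may be worth considering. The function body starts and ends outside the hunk.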