SAE: Verify that appropriate Status Code is used in SAE commit (SME)

Previous version accepted both 0 and 126 values in SAE commit message from the AP. Explicitly check that the value the AP uses matches what the STA started with to avoid unexpected cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 03:36:13 +02:00 · 2020-02-08 03:36:13 +02:00 · ca1cecc54d
commit ca1cecc54d
parent c248ebaf4f
1 changed files with 13 additions and 0 deletions
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@ -1291,6 +1291,19 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
 				   "SAE: Ignore commit message while waiting for confirm");
 			return 0;
 		}
+		if (wpa_s->sme.sae.tmp && wpa_s->sme.sae.tmp->h2e &&
+		    status_code == WLAN_STATUS_SUCCESS) {
+			wpa_printf(MSG_DEBUG,
+				   "SAE: Unexpected use of status code 0 in SAE commit when H2E was expected");
+			return -1;
+		}
+		if (wpa_s->sme.sae.tmp && !wpa_s->sme.sae.tmp->h2e &&
+		    status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
+			wpa_printf(MSG_DEBUG,
+				   "SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected");
+			return -1;
+		}
+
 		if (groups && groups[0] <= 0)
 			groups = NULL;
 		res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,