hostapd: Require EAPOL-Key type to match with selected protocol
Previously, we would have allowed both the WPA and RSN EAPOL-Key types to be used regardless of whether the association is using WPA or RSN/WPA2. This shouldn't result in any significant problems on the Authenticator side, but anyway, we should check the type and ignore the EAPOL-Key frames that used unexpected type.
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
077a781f7a
commit
f8e96eb6fd
1 changed files with 16 additions and 0 deletions
|
|
@ -620,6 +620,22 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
|||
return;
|
||||
}
|
||||
|
||||
if (sm->wpa == WPA_VERSION_WPA2) {
|
||||
if (key->type != EAPOL_KEY_TYPE_RSN) {
|
||||
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
|
||||
"unexpected type %d in RSN mode",
|
||||
key->type);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
if (key->type != EAPOL_KEY_TYPE_WPA) {
|
||||
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
|
||||
"unexpected type %d in WPA mode",
|
||||
key->type);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
|
||||
* are set */
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue