hostapd: Require EAPOL-Key type to match with selected protocol
Previously, we would have allowed both the WPA and RSN EAPOL-Key types to be used regardless of whether the association is using WPA or RSN/WPA2. This shouldn't result in any significant problems on the Authenticator side, but anyway, we should check the type and ignore the EAPOL-Key frames that used unexpected type.
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
077a781f7a
commit
f8e96eb6fd
1 changed files with 16 additions and 0 deletions
|
|
@ -620,6 +620,22 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (sm->wpa == WPA_VERSION_WPA2) {
|
||||||
|
if (key->type != EAPOL_KEY_TYPE_RSN) {
|
||||||
|
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
|
||||||
|
"unexpected type %d in RSN mode",
|
||||||
|
key->type);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (key->type != EAPOL_KEY_TYPE_WPA) {
|
||||||
|
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
|
||||||
|
"unexpected type %d in WPA mode",
|
||||||
|
key->type);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
|
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
|
||||||
* are set */
|
* are set */
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue