From fa4642672542e9390aff3247ef63e51ec6ae0663 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 25 Oct 2015 15:12:58 +0200 Subject: [PATCH] RSN: Do not try to connect if PMF disabled and AP requires it Instead of trying to associate in configuration that is known to result in the AP rejecting the association, reject the BSS candidate based on the MFPR=1 RSN capability when STA configuration has PMF disabled. Signed-off-by: Jouni Malinen --- wpa_supplicant/events.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index ea1f142ad..aab752c46 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -564,6 +564,13 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, break; } #endif /* CONFIG_IEEE80211W */ + if ((ie.capabilities & WPA_CAPABILITY_MFPR) && + wpas_get_ssid_pmf(wpa_s, ssid) == + NO_MGMT_FRAME_PROTECTION) { + wpa_dbg(wpa_s, MSG_DEBUG, + " skip RSN IE - no mgmt frame protection enabled but AP requires it"); + break; + } wpa_dbg(wpa_s, MSG_DEBUG, " selected based on RSN IE"); return 1;