authorBeniamino Galvani <bgalvani@redhat.com>2022-04-04 09:13:12 +0200
committerAndrej Shadura <andrewsh@debian.org>2022-05-05 11:25:22 +0100
commit992d5b6ac637a1aa70e84d10921cafbc89813516 (patch)
tree1b79d813db4564481d29a02389666c9fff4836ac
parent1f4ed4868d9ee8b80cfb81585d226035b64aeec2 (diff)
AP: guard FT-SAE code with CONFIG_IEEE80211R_AParchive/debian/2%2.10-8_bpo11+1
wpa_supplicant doesn't support FT in AP mode, but it still negotiates FT-SAE. This can lead to an authentication failure when the AP is started with key_mgmt="SAE FT-SAE" and the STA supports both. Ensure that FT-SAE is not negotiated when CONFIG_IEEE80211R_AP is not defined. Signed-off-by: Beniamino Galvani <bgalvani@redhat.com> Gbp-Pq: Topic upstream-fixes Gbp-Pq: Name 0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
-rw-r--r--src/ap/wpa_auth_ie.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 524922e..d63cbeb 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -228,11 +228,13 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
pos += RSN_SELECTOR_LEN;
num_suites++;
}
+#ifdef CONFIG_IEEE80211R_AP
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
pos += RSN_SELECTOR_LEN;
num_suites++;
}
+#endif /* CONFIG_IEEE80211R_AP */
#endif /* CONFIG_SAE */
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
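Review bot: The new `#ifdef CONFIG_IEEE80211R_AP` around the FT-SAE selector drops a configured AKM from the advertised RSNE without leaving any trace, while `conf->wpa_key_mgmt` still carries the `WPA_KEY_MGMT_FT_SAE` bit. An operator who sets key_mgmt="SAE FT-SAE" on such a build gets an AP that advertises only SAE, and nothing in this hunk says why. I would add a comment above the guard, for example `/* FT-SAE needs the FT authenticator; never advertise it when CONFIG_IEEE80211R_AP is not built */`. It would also be worth clearing or rejecting the bit where the configuration is parsed, so that the configured mask and the advertised suite list cannot disagree. The body of wpa_write_rsn_ie starts and continues outside this hunk, so how an empty suite list is handled is not visible here.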
@@ -670,8 +672,10 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
#ifdef CONFIG_SAE
else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
selector = RSN_AUTH_KEY_MGMT_SAE;
+#ifdef CONFIG_IEEE80211R_AP
else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
selector = RSN_AUTH_KEY_MGMT_FT_SAE;
+#endif /* CONFIG_IEEE80211R_AP */
#endif /* CONFIG_SAE */
else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
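Review bot: With CONFIG_IEEE80211R_AP undefined, a station that selects FT-SAE no longer matches any branch in this chain and falls through to the later `else if`/`else` arms instead of being rejected. The same pattern is in the third hunk, where the chain assigns `sm->wpa_key_mgmt`, so the state machine could end up with whatever AKM the tail of that chain picks. Whether this is reachable depends on the intersection of offered and configured AKMs, which is computed outside these hunks and presumably still includes `WPA_KEY_MGMT_FT_SAE`, since the configured mask is not touched by this commit. I would make the rejection explicit before the chain under `#ifndef CONFIG_IEEE80211R_AP`, e.g. `key_mgmt &= ~WPA_KEY_MGMT_FT_SAE;` followed by `if (!key_mgmt) return WPA_INVALID_AKMP;`. Both chains in wpa_validate_wpa_ie begin and end outside the hunks shown.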
@@ -778,8 +782,10 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
#ifdef CONFIG_SAE
else if (key_mgmt & WPA_KEY_MGMT_SAE)
sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
+#ifdef CONFIG_IEEE80211R_AP
else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
+#endif /* CONFIG_IEEE80211R_AP */
#endif /* CONFIG_SAE */
else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;