diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-10-10 23:36:15 +0200 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2018-10-14 13:57:14 +0200 |
commit | a1ad1144b61680cfa0803b681a3b55ff8c557022 (patch) | |
tree | 9e6d0edbf127be3b93df3d8dee9a1bbe5d7048c3 /package/network | |
parent | 779773a0dee759d87c483de266e41164cd851af0 (diff) | |
download | upstream-a1ad1144b61680cfa0803b681a3b55ff8c557022.tar.gz upstream-a1ad1144b61680cfa0803b681a3b55ff8c557022.tar.bz2 upstream-a1ad1144b61680cfa0803b681a3b55ff8c557022.zip |
hostapd: SAE: Do not ignore option sae_require_mfp
This patch was send for integration into the hostapd project.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/network')
-rw-r--r-- | package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch b/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch new file mode 100644 index 0000000000..8810774665 --- /dev/null +++ b/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch @@ -0,0 +1,26 @@ +From 54e0de1a9ee81477e9dfb93985c1fbf105b3d1d4 Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens <hauke@hauke-m.de> +Date: Wed, 10 Oct 2018 23:22:23 +0200 +Subject: SAE: Do not ignore option sae_require_mfp + +Without this patch sae_require_mfp is always activate, when ieee80211w +is set to optional all stations negotiating SAEs are being rejected when +they do not support PMF. With this patch hostapd only rejects these +stations in case sae_require_mfp is set to some value and not null. + +Fixes ba3d435fe43 ("SAE: Add option to require MFP for SAE associations") +Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> +--- + src/ap/wpa_auth_ie.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/src/ap/wpa_auth_ie.c ++++ b/src/ap/wpa_auth_ie.c +@@ -721,6 +721,7 @@ int wpa_validate_wpa_ie(struct wpa_authe + + #ifdef CONFIG_SAE + if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL && ++ wpa_auth->conf.sae_require_mfp && + wpa_key_mgmt_sae(sm->wpa_key_mgmt) && + !(data.capabilities & WPA_CAPABILITY_MFPC)) { + wpa_printf(MSG_DEBUG, |